Skip to content

Instantly share code, notes, and snippets.

@shantanoo-desai

shantanoo-desai/README.md

Created April 6, 2022 16:10
Show Gist options
  • Save shantanoo-desai/09518e69cf07ba60d647d283fba109a0 to your computer and use it in GitHub Desktop.
Save shantanoo-desai/09518e69cf07ba60d647d283fba109a0 to your computer and use it in GitHub Desktop.
Download ZIP
InfluxDBv2 with telegraf behind a Traefik Reverse-Proxy
Raw
README.md

InfluxDBv2 UI behind Traefik Reverse-Proxy

Render your InfluxDB v2 UI behind a Traefik Reverse-Proxy

InfluxDBv2 does not provide any configuration flags / environment variables that can help render the UI as paths e.g. /influxdb. However, there is a potential way to circumvent this problem but using Host in Traefik.

NOTE: PLEASE DO NOT DEPLOY THIS STACK IN PRODUCTION.

Results / Caveats / Design

The UI will be available on http://influxdb.localhost instead of http://localhost/influxdb

Metrics

You can configure Traefik to store its metrics via its Static Configuration file (traefik.toml) however you will need to add the information like:

  • Bucket
  • OrgName
  • Token

as hard-coded credentials because [Traefik Static Configuration DO NOT support Go Templating] (https://doc.traefik.io/traefik/providers/file/#go-templating)

A good possibility is to use placeholders and substitute them via envsubstr in a separate bash file, before bringing the stack up

Common Variables Usage

within the docker-compose.yml file

x-common-env-variables: &common-env
  DOCKER_INFLUXDB_INIT_ORG: LocalHost
  DOCKER_INFLUXDB_INIT_BUCKET: data
  DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: customAdminToken

can be used to configure both, InfluxDB and Telegraf for and out-of-the-box stack. However, additional required Environment Variables for InfluxDB are introduced via influxdb.env

Security

not the best thing to let Traefik use /var/run/docker.sock, however setting it to read-only, avoiding extra privilege escalations and using a namespace should make this example a bit more secure.

Configuration Checks

Use the integrated compose CLI from docker to verify if everything looks okay or not!

docker compose config

LICENSE

Published under MIT License

Maintainer

Shan Desai

Raw
docker-compose.yml
version: '3.7'
x-common-env-variables: &common-env
DOCKER_INFLUXDB_INIT_ORG: LocalHost
DOCKER_INFLUXDB_INIT_BUCKET: data
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: customAdminToken
services:
traefik:
image: traefik:v2.7
container_name: reverse-proxy
depends_on:
- influxdb
networks:
- proxy-network
ports:
- "80:80"
security_opt:
- "no-new-privileges:true"
userns_mode: "host"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/traefik.toml:/etc/traefik/traefik.toml
- ./traefik/configurations:/etc/traefik/configurations
influxdb:
image: influxdb:2.1-alpine
container_name: influxdb
environment: *common-env
env_file:
- ./influxdb.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.influxdb-router=influxdb-router@file"
- "traefik.http.routers.influxdb-router.service=influxdb@file"
networks:
- proxy-network
security_opt:
- "no-new-privileges:true"
telegraf:
image: telegraf:1.22-alpine
container_name: telegraf
hostname: telegraf
environment: *common-env
depends_on:
- influxdb
- traefik
labels:
- "traefik.enable=false"
networks:
- proxy-network
security_opt:
- "no-new-privileges:true"
volumes:
- ./telegraf/telegraf.toml:/etc/telegraf/telegraf.conf:ro
networks:
proxy-network:
external: true
Raw
influxdb.env
# InfluxDB v2 Related Environment Variables
DOCKER_INFLUXDB_INIT_MODE=setup
DOCKER_INFLUXDB_INIT_USERNAME=admin
DOCKER_INFLUXDB_INIT_PASSWORD=securePassword
INFLUXD_HTTP_BIND_ADDRESS=0.0.0.0:8086
Raw
routers-http.toml
# traefik/configurations/routers-http.toml
[http]
[http.routers]
[http.routers.influxdb-router]
rule = "Host(`influxdb.localhost`)"
entryPoints = ["web"]
service = "influxdb"
Raw
services-http.toml
# traefik/configurations/services-http.toml
[http]
[http.services]
[http.services.influxdb]
[http.services.influxdb.loadBalancer]
[[http.services.influxdb.loadBalancer.servers]]
url = "http://influxdb:8086"
Raw
telegraf.toml
# Configuration for telegraf agent
[agent]
## Default data collection interval for all inputs
interval = "10s"
## Rounds collection interval to 'interval'
## ie, if interval="10s" then always collect on :00, :10, :20, etc.
round_interval = true
## Telegraf will send metrics to outputs in batches of at most
## metric_batch_size metrics.
## This controls the size of writes that Telegraf sends to output plugins.
metric_batch_size = 1000
## For failed writes, telegraf will cache metric_buffer_limit metrics for each
## output, and will flush this buffer on a successful write. Oldest metrics
## are dropped first when this buffer fills.
## This buffer only fills when writes fail to output plugin(s).
metric_buffer_limit = 10000
## Collection jitter is used to jitter the collection by a random amount.
## Each plugin will sleep for a random time within jitter before collecting.
## This can be used to avoid many plugins querying things like sysfs at the
## same time, which can have a measurable effect on the system.
collection_jitter = "0s"
## Default flushing interval for all outputs. Maximum flush_interval will be
## flush_interval + flush_jitter
flush_interval = "10s"
## Jitter the flush interval by a random amount. This is primarily to avoid
## large write spikes for users running a large number of telegraf instances.
## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
flush_jitter = "0s"
## By default or when set to "0s", precision will be set to the same
## timestamp order as the collection interval, with the maximum being 1s.
## ie, when interval = "10s", precision will be "1s"
## when interval = "250ms", precision will be "1ms"
## Precision will NOT be used for service inputs. It is up to each individual
## service input to set the timestamp at the appropriate precision.
## Valid time units are "ns", "us" (or "µs"), "ms", "s".
precision = ""
## Logging configuration:
## Run telegraf with debug log messages.
debug = false
## Run telegraf in quiet mode (error log messages only).
quiet = false
## Specify the log file name. The empty string means to log to stderr.
logfile = ""
## Override default hostname, if empty use os.Hostname()
hostname = ""
## If set to true, do no set the "host" tag in the telegraf agent.
omit_hostname = false
[[outputs.influxdb_v2]]
urls = ["http://influxdb:8086"]
token = "${DOCKER_INFLUXDB_INIT_ADMIN_TOKEN}"
organization = "${DOCKER_INFLUXDB_INIT_ORG}"
bucket = "${DOCKER_INFLUXDB_INIT_BUCKET}"
[[inputs.cpu]]
## Whether to report per-cpu stats or not
percpu = true
## Whether to report total system cpu stats or not
totalcpu = true
## If true, collect raw CPU time metrics.
collect_cpu_time = false
## If true, compute and report the sum of all non-idle CPU states.
report_active = false
[[inputs.disk]]
## By default stats will be gathered for all mount points.
## Set mount_points will restrict the stats to only the specified mount points.
# mount_points = ["/"]
## Ignore mount points by filesystem type.
ignore_fs = ["tmpfs", "devtmpfs", "devfs", "overlay", "aufs", "squashfs"]
[[inputs.diskio]]
[[inputs.mem]]
[[inputs.net]]
[[inputs.processes]]
[[inputs.swap]]
[[inputs.system]]
Raw
traefik.toml
# traefik/traefik.toml
[global]
checkNewVersion = false
sendAnonymousUsage = true
[log]
level = "DEBUG"
format = "common"
[entryPoints]
[entryPoints.web]
address = ":80"
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = false
network = "proxy-network"
[providers.file]
directory = "/etc/traefik/configurations/"
watch = true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment