📊  InfluxDB, Grafana, and Traefik in Docker Compose (TLS-secured metrics solution)

Thosch42/docker-influxdb-grafana-traefik


Secure Monitoring Solution in Docker

Diagram

Docker Compose application for deploying InfluxDB, Grafana and Traefik in Docker.

The individual components are:

  • InfluxDB: time-series database.

  • Grafana: front-end for visualizing and querying data in InfluxDB.

  • Traefik: edge router/reverse proxy which will auto-generate and auto-renew TLS certificates using Let's Encrypt. This means that all data sent to and from Grafana and InfluxDB will be encrypted.

Prerequisites

How to Run Locally

Deploy the docker-compose application:

docker-compose up

You can then access Grafana at monitoring.docker.localhost. Use the credentials in .env to log in to Grafana. InfluxDB will be listening on port 8086.

Grafana is accessible from the HTTP and HTTPS ports (80 and 443 respectively), with redirection from HTTP to HTTPS handled using Traefik routers.

Note that when accessing Grafana or InfluxDB that have been deployed locally, your browser and other apps may show warnings about invalid or self-signed TLS certificates. This is expected as localhost domains don't end with a valid top-level domain, so Traefik won't attempt to request a certificate for them.

Notes

  • Grafana will automatically be set up with InfluxDB as a data source (set up under grafana/provisioning/datasources/influxdb.yml).

  • InfluxDB will run shell scripts in docker-entrypoint-initdb.d on startup.

  • Most settings that should be tweaked are provided in .env.

  • If you're testing locally and an application that needs to send data to InfluxDB can't be set to ignore TLS certificate errors, change the traefik.http.routers.influxdb-ssl.tls label to false for the InfluxDB container inside docker-compose.yml. This turns TLS off for that router, so keep the change to local testing.

Deploying in Production

  • Set a secure password for Grafana and InfluxDB.

  • Change the MONITORING_DOMAIN environment variable in .env to the domain where the application will be hosted.

  • Set the LETS_ENCRYPT_EMAIL environment variable in .env to a valid email address at which you wish to receive emails about certificate issues.

  • Uncomment the appropriate CA_SERVER environment variable in .env to use Let's Encrypt's production API.

    There is a limit of 5 certificates per week from Let's Encrypt's production server as stated here. For more info on the Let's Encrypt staging environment and Traefik, check the note under this Traefik docs page.
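
A pre-flight check for the checklist above, as an added example that is not part of this repository. It assumes .env holds plain KEY=VALUE lines and that the password variables have PASSWORD in their names (the page does not list them); MIN_PW_LEN and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of .env against the production checklist.
# Assumptions: .env holds plain KEY=VALUE lines; password variables have
# PASSWORD in their name; MIN_PW_LEN is a local policy choice.
MIN_PW_LEN=16

# Print the value of the last uncommented assignment of KEY ($2) in FILE ($1).
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed "s/^[\"']//; s/[\"'][[:space:]]*\$//"
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# Check FILE; sets $problems to the number of findings, returns 0 if none.
check_env() {
    file=$1; problems=0; seen_pw=0

    domain=$(env_get "$file" MONITORING_DOMAIN)
    case $domain in
        ''|localhost|*.localhost) fail "MONITORING_DOMAIN='$domain' is unset or a localhost name" ;;
    esac

    case $(env_get "$file" LETS_ENCRYPT_EMAIL) in
        ?*@?*.?*) ;;
        *) fail "LETS_ENCRYPT_EMAIL is not a usable address" ;;
    esac

    # Commented-out CA_SERVER lines do not match and are skipped.
    case $(env_get "$file" CA_SERVER) in
        '') fail "no CA_SERVER line is uncommented" ;;
        *staging*) fail "CA_SERVER still points at the staging API" ;;
    esac

    # Report weak passwords by variable name only; never echo the value.
    for name in $(sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*PASSWORD[A-Za-z0-9_]*\)=.*/\1/p' "$file"); do
        seen_pw=1
        value=$(env_get "$file" "$name")
        [ "${#value}" -ge "$MIN_PW_LEN" ] || fail "$name is shorter than $MIN_PW_LEN characters"
    done
    [ "$seen_pw" -eq 1 ] || fail "no *PASSWORD* variables found; check their names by hand"

    [ "$problems" -eq 0 ]
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_env "$1"; exit $?; fi
```

Run it as `sh check-env.sh .env` before `docker-compose up` on the production host; a non-zero exit status means at least one checklist item is still open.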

Useful Commands

Check container logs

sudo docker container logs <CONTAINER NAME OR ID> [--follow]

Check where data is stored (Docker volumes)

$ sudo docker volume ls

DRIVER          VOLUME NAME
local           monitoring_grafana-lib
local           monitoring_influxdb-lib
local           monitoring_traefik-data

Attach to a container and use bash within it (useful for InfluxDB database maintenance)

sudo docker exec -it <CONTAINER NAME OR ID> /bin/bash

Start up the InfluxDB CLI when attached to the InfluxDB Docker container

influx --username <InfluxDB username> --password <InfluxDB password>

Check space used by Docker containers

sudo docker system df --verbose

Links
