diff --git a/README.md b/README.md index c1aaab0..24e3dcf 100644 --- a/README.md +++ b/README.md @@ -2,28 +2,26 @@ ![Diagram](docs/diagram.png) -Docker Compose application for deploying [Grafana](https://grafana.com/), [InfluxDB](https://www.influxdata.com/products/influxdb-overview/), and [Traefik](https://containo.us/traefik/) in Docker containers. +Docker Compose application for deploying [InfluxDB](https://www.influxdata.com/products/influxdb-overview/), [Grafana](https://grafana.com/) and [Traefik](https://containo.us/traefik/) in Docker containers. The individual components are: -- **Grafana**: front-end for visualizing and querying data. - - **InfluxDB**: time-series database. +- **Grafana**: front-end for visualizing and querying data in InfluxDB. + - **Traefik**: edge router/reverse proxy which will auto-generate and auto-renew TLS certificates using [Let's Encrypt](https://letsencrypt.org/). This means that all data sent to and from Grafana and InfluxDB will be encrypted. ## Prerequisites -- [Docker Engine](https://docs.docker.com/engine/install/ubuntu/) - -- [Docker Compose](https://docs.docker.com/compose/install/) +- [Docker](https://docs.docker.com/get-docker/) ## How to run locally -Deploy the application: +Deploy the `docker-compose` application: ```bash -sudo docker-compose up -d +docker-compose up ``` You can then access Grafana at [monitoring.docker.localhost](http://monitoring.docker.localhost). Use the credentials in [.env](.env) to log in to Grafana. InfluxDB will be listening on port `8086`. 
@@ -32,41 +30,35 @@ Grafana is accessible from the HTTP and HTTPS ports (`80` and `443` respectively > Note that when accessing Grafana or InfluxDB that have been deployed locally, your browser and other apps may show warnings about invalid or self-signed TLS certificates. This is expected as localhost domains don't end with a valid top-level domain, so Traefik won't attempt to request a certificate for them. -Stop a running deployment: - -```bash -sudo docker-compose down -``` - ## General info -- Most settings that should be tweaked are provided in `.env`. - -- After the initial deployment, the containers are set to restart automatically if they stop e.g. on a machine reboot. They can be stopped completely using `docker-compose down`. - - Grafana will automatically be set up with InfluxDB as a data source (set up under `grafana/provisioning/datasources/influxdb.yml`). +- Most settings that should be tweaked are provided in [`.env`](./.env). + - InfluxDB will run shell scripts in `docker-entrypoint-initdb.d` on startup. - If you're testing locally, and an application which you want to use to send data to InfluxDB can't be set to ignore TLS certificates, change the `traefik.http.routers.influxdb-ssl.tls` label to `false` for the InfluxDB container inside `docker-compose.yml`. ## Deploying in production +- Set containers to restart automatically when shut down by uncommenting the `restart: always` lines under every container in [`docker-compose.yml`](./docker-compose.yml) + - Make sure to set a secure password for Grafana and InfluxDB! - For extra security, passwords can be managed with e.g. [Docker secrets](https://docs.docker.com/engine/swarm/secrets/) or [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html). -- Change the `MONITORING_DOMAIN` environment variable in `.env` to the domain where the application will be hosted. 
+- Change the `MONITORING_DOMAIN` environment variable in [`.env`](./.env) to the domain where the application will be hosted. -- Set the `LETS_ENCRYPT_EMAIL` environment variable in `.env` to a valid email that you wish to receive emails about [certificates issues to](https://cert-manager.io/docs/configuration/acme/#creating-a-basic-acme-issuer). +- Set the `LETS_ENCRYPT_EMAIL` environment variable in [`.env`](./.env) to a valid email that you wish to receive emails about [certificates issues to](https://cert-manager.io/docs/configuration/acme/#creating-a-basic-acme-issuer). -- Uncomment the appropriate `CA_SERVER` environment variable in `.env` to use [Let's Encrypt's](https://letsencrypt.org/) production API. +- Uncomment the appropriate `CA_SERVER` environment variable in [`.env`](./.env) to use [Let's Encrypt's](https://letsencrypt.org/) production API. > There is a limit of 5 certificates per week from Let's Encrypt's production server as stated [here](https://letsencrypt.org/docs/rate-limits/). For more info on the Let's Encrypt staging environment and Traefik, check the note under this [Traefik docs page](https://docs.traefik.io/v2.0/user-guides/docker-compose/acme-tls/#setup). -- Deploy as you would locally +- Run the `docker-compose` application in the background ```bash - sudo docker-compose up -d + docker-compose up -d ``` ## Useful commands diff --git a/docker-compose.yml b/docker-compose.yml index f17be6c..15283f2 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,7 +38,7 @@ services: << : *shared-influxdb-variables networks: - monitoring - restart: always + # restart: always labels: - "traefik.http.routers.influxdb-ssl.entryPoints=influxdb-port" - "traefik.http.routers.influxdb-ssl.rule=host(`$MONITORING_DOMAIN`)" @@ -49,7 +49,7 @@ services: grafana: container_name: $GRAFANA_DOCKER_CONTAINER_NAME - image: grafana/grafana:8.2.3 + image: grafana/grafana:8.4.3 volumes: - type: volume source: grafana-data 
@@ -79,7 +79,7 @@ services: << : *shared-influxdb-variables networks: - monitoring - restart: always + # restart: always depends_on: - $INFLUXDB_DOCKER_CONTAINER_NAME labels: @@ -99,7 +99,7 @@ services: traefik: container_name: traefik - image: traefik:v2.5.4 + image: traefik:v2.6.1 volumes: - type: volume source: traefik-data @@ -111,7 +111,7 @@ services: read_only: true networks: - monitoring - restart: always + # restart: always ports: - "80:80" - "443:443"
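Review bot: In the first README.md hunk (`@@ -2,28 +2,26 @@`), the Prerequisites list drops the Docker Compose entry while every command in the file still invokes `docker-compose`, and the run command loses `sudo` with no statement of what replaces it. Keep a Compose prerequisite, or say explicitly that the linked Docker install is expected to provide `docker-compose`. Also add a line that the commands assume the user can reach the Docker daemon without `sudo`. On Linux that normally means membership of the `docker` group, which is root-equivalent on the host and deserves a sentence in a README that also covers production.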
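Review bot: The second README.md hunk (`@@ -32,41 +30,35 @@`) removes both the "Stop a running deployment" section and the General info bullet that mentioned `docker-compose down`, so after this change the README never says how to stop or remove the stack. That gap matters more now that the local command is a foreground `docker-compose up`: interrupting it stops the containers but leaves them and the `monitoring` network in place. Keep a short stop section with `docker-compose down`. Since the README points readers at the tracked `.env` for the Grafana credentials, the "Make sure to set a secure password" bullet could also say that production values must not be committed to that file.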
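Review bot: `restart: always` is commented out in three separate docker-compose.yml hunks (`@@ -38,7 +38,7 @@`, `@@ -79,7 +79,7 @@`, `@@ -111,7 +111,7 @@`), so a production deployment now depends on an operator uncommenting each line by hand. One missed line leaves that service down after a reboot or crash with nothing flagging it. A single switch is less error-prone, for example `restart: "${RESTART_POLICY:-no}"` on each service with the variable set in `.env` (`RESTART_POLICY` is a suggested name, not something in this repository). That also keeps the production steps in `.env`, where the README already sends people for the other settings.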
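Review bot: The image upgrades in docker-compose.yml (`grafana/grafana:8.4.3` at `@@ -49,7 +49,7 @@`, `traefik:v2.6.1` at `@@ -99,7 +99,7 @@`) are mixed into a documentation and restart-policy change, and nothing in the visible change explains them. Split them into their own commit, or call them out, so they can be reviewed and rolled back independently. Both are minor-version jumps, one for the proxy that terminates TLS and one for the service behind the login page, so confirm that the existing Traefik labels and the Grafana datasource provisioning still load on the new versions. The references are also tag-only. Pinning by digest, as in `image: traefik:v2.6.1@sha256:<digest>` (placeholder, to be filled from the registry), would make the deployed image reproducible.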