Discover Centmin Mod today
Register Now

Netdata installation

Discussion in 'Other Web Apps usage' started by hitman, Mar 9, 2017.

  1. hitman

    hitman Member

    117
    10
    18
    Jul 18, 2014
    Ratings:
    +14
    Local Time:
    10:29 PM
    I have installed netdata and i am trying to configure it properly so it will work with nginx
    according to here it is supposed to create a virtual host but i am not sure how to proceed based on centminmod structure.

    any help much appreciated
     
    • Like Like x 1
  2. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    This is nice, i like it, installed it as well, i've tried to password protect it but that's not working very well, i know since im only able to connect via ip_address:19999 that in order to get it to connect on hostname:19999 then i'd need to add that acordingly to the nginx conf file, i believe this would be the virtual.conf since itll be on the hostname and then add authentication similar to how wp_cli with centminmod can add htaccess type password protection, however i cant get this to work, ill try again later
     
  3. ethanpil

    ethanpil Active Member

    168
    47
    28
    Nov 8, 2015
    Ratings:
    +87
    Local Time:
    6:29 AM
    I would love to see an official centmin addon/option to install netdata with some protection. Its a wonderful tool.
     
  4. pamamolf

    pamamolf Well-Known Member

    2,825
    253
    83
    May 31, 2014
    Ratings:
    +449
    Local Time:
    10:29 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    @SFLC

    If you install it at your domain public folder like /public/netdata/ then you can use your domain config to password protect it ....

    If you use the /html/netdata/ default setup then you can use the default vhost config to password protect it :)
     
  5. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    ya thats not working for me for some reason, seems to password protect the hostname itself and not the ip : port or hostname : port,

    either way i cant get the hostname : port to work
     
    Last edited: Mar 9, 2017
  6. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    What's not working for you, you should be able to get it up on ip : port, is hostname : port whats not working
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,966
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,422
    Local Time:
    6:29 AM
    Nginx 1.13.x
    MariaDB 5.5
    basically the same just add to your Centmin Mod Nginx vhost

    above existing server{} context
    Code (Text):
    upstream backend {
       # the netdata server
       server 127.0.0.1:19999;
       keepalive 64;
    }
    

    then within server{} context setup nginx reverse proxy off a subdomain add to your existing location context matches above or below
    Code (Text):
       location /netdata {
           return 301 /netdata/;
       }
    
       location ~ /netdata/(?<ndpath>.*) {
           proxy_redirect off;
           proxy_set_header Host $host;
    
           proxy_set_header X-Forwarded-Host $host;
           proxy_set_header X-Forwarded-Server $host;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_http_version 1.1;
           proxy_pass_request_headers on;
           proxy_set_header Connection "keep-alive";
           proxy_store off;
           proxy_pass http://backend/$ndpath$is_args$args;
    
           gzip on;
           gzip_proxied any;
           gzip_types *;
       }
    

    to password protect add
    Code (Text):
            auth_basic      "Private Access";
            auth_basic_user_file  /usr/local/nginx/conf/htpass_netdata;
            allow 127.0.0.1;
            allow YOURISP_IPADDRESS;
            deny all;
    

    generate the HTTP authentication password for /usr/local/nginx/conf/htpass_netdata where USER and PASS are your username and password
    Code (Text):
    python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpass_netdata USER PASS
    

    so it becomes
    Code (Text):
       location /netdata {
           return 301 /netdata/;
       }
    
       location ~ /netdata/(?<ndpath>.*) {
            auth_basic      "Private Access";
            auth_basic_user_file  /usr/local/nginx/conf/htpass_netdata;
            allow 127.0.0.1;
            allow YOURISP_IPADDRESS;
            deny all;
           proxy_redirect off;
           proxy_set_header Host $host;
    
           proxy_set_header X-Forwarded-Host $host;
           proxy_set_header X-Forwarded-Server $host;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_http_version 1.1;
           proxy_pass_request_headers on;
           proxy_set_header Connection "keep-alive";
           proxy_store off;
           proxy_pass http://backend/$ndpath$is_args$args;
    
           gzip on;
           gzip_proxied any;
           gzip_types *;
       }
    

    This is something that Centmin Mod addons/netdata.sh installer does automatically https://community.centminmod.com/threads/addons-netdata-sh-new-system-monitor-addon.7022/ and something similar to above. The addons/netdata.sh installer is work in progress for future release and testing.

    So for now folks, you'll have to figure it all out for yourselves :)
     
    • Winner Winner x 2
    • Informative Informative x 1
  8. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    Thanks @eva2000 is this supposed to go in the virtual.conf file under the conf.d dir, as i added it but still no go on the password protection
     
    Last edited: Mar 9, 2017
  9. eva2000

    eva2000 Administrator Staff Member

    30,966
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,422
    Local Time:
    6:29 AM
    Nginx 1.13.x
    MariaDB 5.5
    the above examples go into your domain nginx vhost. My addons/netdata.sh though is for main hostname virtual.conf vhost in Centmin Mod and slightly different from above instructions
     
    • Like Like x 1
  10. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    thanks @eva2000 works perfectly, just had to remove the deny all; because I didnt add my ip as it's not static.

    Is there any way to block direct access to the serverip : 19999, as that's not password protected
     
  11. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    I removed the port from tcp in allowed list in csf, i think thats achieving blocking directly form the ip
     
  12. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    and also changed netdata.conf to bind to 127.0.0.1

    Code:
    # NetData Configuration
    #
    # To see defaults, grab one from your instance:
    # http://localhost:19999/netdata.conf
    
    # global netdata configuration
    
    [global]
            run as user = netdata
            web files owner = root
            web files group = netdata
            # Netdata is not designed to be exposed to potentially hostile networks
            # See https://github.com/firehol/netdata/issues/164
            bind to = 127.0.0.1
    I may be doing this all wrong but it seems to be working
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,966
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,422
    Local Time:
    6:29 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes you shouldn't need to whitelist port 19999 if you are using netdata behind nginx reverse proxy and yup bind to 127.0.0.1 is correct
     
  14. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    has anyone added plugins yet, cant seem to get it working for nginx, sql and phpfpm, their docs are impossible to understand for non phd level programmers
     
  15. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    got the nginx plugin to work, it needed stub status,

    does anyone know how to enable the phpfpm status page, looks like the addition to nginx conf isnt enough, when i curl the status page i just a "file not found." error.
     
  16. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    ok figured it out, you have to edit the line:
    in /usr/local/etc/php-fpm.conf

    from

    Code:
    pm.status_path = /phpstatus
    to
    Code:
    pm.status_path = /status
    and confirm by curl http://127.0.0.1:80/status

    also ensure you have the right content in you nginx conf file, here is what i have that will enable both phpfpm and nginx modules to work with netdata

    Code:
    location ~ ^/(status|ping)$ {
         access_log off;
         allow 127.0.0.1;
         #allow 1.2.3.4#your-ip;
         #deny all;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_pass 127.0.0.1:9000;
    }
    
    
    location /stub_status {
     stub_status;
     allow 127.0.0.1;
     # deny all;
     }
    now i have to figure out how to get the mysql module to work
     
    • Like Like x 2
  17. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:29 PM
    1
    10
    and mysql plugin is working now:

    just add the appropriate passwords for your mysql server into

    /usr/local/nginx/html/netdata/conf.d/python.d/mysql.conf

    I just gave it the root password, this is running on localhost so I don't see any harm in this

    the location from above for me is where i have the git cloned copy of netdata, editing the installed conf file didnt seem to work, so i had to edit the one from above, uninstall then install and voila
     
    • Like Like x 2
  18. eva2000

    eva2000 Administrator Staff Member

    30,966
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,422
    Local Time:
    6:29 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1