Load Netdata behind Nginx, with Authentication using SSL, On All domains


#1

I have a fresh droplet with a single domain (so far) The stack is installed with easyengine on Ubuntu 16.04

root@kora:~# ee site info kora.nz
Information about kora.nz:

Nginx configuration      wp wpfc (enabled)
PHP Version              7.0
HHVM                     disabled
SSL                      enabled
SSL PROVIDER             Lets Encrypt
SSL EXPIRY DATE          Sun May 13 21:44:29 UTC 2018

access_log               /var/www/kora.nz/logs/access.log
error_log                /var/www/kora.nz/logs/error.log
Webroot                  /var/www/kora.nz

Netdata is here:

root@kora:~# which netdata
/usr/sbin/netdata
root@kora:~#

All is good. At the moment I access netdata via http://kora.nz:19999 However I would like to access Netdata via Nginx so to provide a password and redirect to:

https://kora.nz/netdata not http://kora.nz:19999

Would greatly appreciate the steps to achieve this. FYI I use Cloudflare.com


#2

Hello,

you just need to add the following code to your nginx vhost :

   location /netdata {
        return 301 /netdata/;
   }

   location ~ /netdata/(?<ndpath>.*) {
        include common/acl.conf;
        proxy_redirect off;
        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
        proxy_pass http://netdata/$ndpath$is_args$args;

        gzip on;
        gzip_proxied any;
        gzip_types *;
    }

And the following lines to /etc/nginx/conf.d/upstream.conf

upstream netdata {
    server 127.0.0.1:19999;
    keepalive 64;
}

#3

@virtubox is nginx vhost file this one?: /etc/nginx/sites-available/kora.nz

And the added blocks would look like this?

server {

    server_name kora.nz   www.kora.nz;

    access_log /var/log/nginx/kora.nz.access.log rt_cache;
    error_log /var/log/nginx/kora.nz.error.log;

    root /var/www/kora.nz/htdocs;

    index index.php index.html index.htm;

    include common/wpfc-php7.conf;
    include common/wpcommon-php7.conf;
    include common/locations-php7.conf;
    include /var/www/kora.nz/conf/nginx/*.conf;

    location /netdata {
        return 301 /netdata/;
   }

   location ~ /netdata/(?<ndpath>.*) {
        include common/acl.conf;
        proxy_redirect off;
        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
        proxy_pass http://netdata/$ndpath$is_args$args;

        gzip on;
        gzip_proxied any;
        gzip_types *;
    }
}

#4

I have tried this and the site stopped loading … I have reverted the changes


#5

@virtubox The load failure was my fault from a malformed block - gotta watch those {}!

I am working on pass authorization now


#6

here is my fully formed /etc/nginx/sites-available/kora.nz file

server {


    server_name kora.nz   www.kora.nz;

    access_log /var/log/nginx/kora.nz.access.log rt_cache;
    error_log /var/log/nginx/kora.nz.error.log;

    root /var/www/kora.nz/htdocs;

    index index.php index.html index.htm;

    include common/wpfc-php7.conf;
    include common/wpcommon-php7.conf;
    include common/locations-php7.conf;
    include /var/www/kora.nz/conf/nginx/*.conf;


   location /netdata {
        return 301 /netdata/;
        auth_basic "Server Stats";
        auth_basic_user_file /etc/nginx/.htpasswd;
   }

   location ~ /netdata/(?<ndpath>.*) {
        include common/acl.conf;
        proxy_redirect off;
        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
        proxy_pass http://netdata/$ndpath$is_args$args;

        gzip on;
        gzip_proxied any;
        gzip_types *;
    }
}

I followed this for Nginx authorisation: https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-nginx-on-ubuntu-14-04

Auth is failing and it seems my blocks above are malformed still. I say this because I don’t even see the correct text in the authorization popup that is declared here: auth_basic "Server Stats";


#7

On my example, I have added include common/acl.conf to use the same ACL than EasyEngine backend. You just have to use

ee secure --auth

to set a new user/password and to access to netdata.