diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3968407 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +docker/ssl/* +!docker/ssl/.gitkeep diff --git a/README.md b/README.md index ca33b28..905a8fb 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,10 @@ This stack is also known as the **TIG** stack. ## Quickstart -The easiest way to test is to use [Docker](https://www.docker.com/). Ensure you have `docker` and -`docker-compose` binary installed. +**Testing purpose only**. + +This guide uses [Docker](https://www.docker.com/). Ensure you have `docker`, `docker-compose` and `openssl` binaries +installed. Write your miner address, grafana and influxdb credentials: @@ -22,17 +24,20 @@ Write your miner address, grafana and influxdb credentials: vi docker/environment ``` +Generate a self-signed certificate: + +``` +openssl req -x509 -nodes -newkey rsa:2048 -keyout docker/ssl/influxdb.key -out docker/ssl/influxdb.crt -days 365 +``` + +Press enter to every question. + Then start containers: ``` docker-compose up -d ``` -## Going further - -You should secure [InfluxDB](https://docs.influxdata.com/influxdb/v1.7/administration/security/) by using encryption for -communication. The stack doesn't require Docker. - ## Disclaimer Telegraf is able to make API call on thrid-party services. Please read terms of service before going further. The diff --git a/docker-compose.yml b/docker-compose.yml index ccb83fe..45dc775 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,7 @@ services: - "8083:8083" - "8086:8086" volumes: + - ./docker/ssl:/etc/ssl/self-signed - influxdb-storage:/var/lib/influxdb restart: always diff --git a/docker/environment b/docker/environment index 6889b88..7ae057e 100644 --- a/docker/environment +++ b/docker/environment @@ -8,3 +8,6 @@ INFLUXDB_READ_USER=grafana INFLUXDB_READ_USER_PASSWORD= INFLUXDB_ADMIN_USER=admin INFLUXDB_ADMIN_USER_PASSWORD= +INFLUXDB_HTTP_HTTPS_ENABLED=true +INFLUXDB_HTTP_HTTPS_CERTIFICATE=/etc/ssl/self-signed/influxdb.crt +INFLUXDB_HTTP_HTTPS_PRIVATE_KEY=/etc/ssl/self-signed/influxdb.key diff --git a/docker/ssl/.gitkeep b/docker/ssl/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docker/telegraf.conf b/docker/telegraf.conf index 80f677d..6499101 100644 --- a/docker/telegraf.conf +++ b/docker/telegraf.conf @@ -13,5 +13,10 @@ omit_hostname = false [[outputs.influxdb]] + urls = ["https://influxdb:8086"] + username = "${INFLUXDB_WRITE_USER}" + password = "${INFLUXDB_WRITE_USER_PASSWORD}" database = "${INFLUXDB_DB}" - urls = ["http://${INFLUXDB_WRITE_USER}:${INFLUXDB_WRITE_USER_PASSWORD}@influxdb:8086"] + skip_database_creation = true + insecure_skip_verify = true + content_encoding = "gzip"