groove/mikrotik_monitoring
1
0
Fork 0
mirror of https://github.com/M0r13n/mikrotik_monitoring.git synced 2025-12-06 10:09:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

adds option to add https

Browse source
This commit is contained in:
Leon Morten Richter 2022-06-30 14:42:47 +02:00
parent 9a9e21451b
commit 6a1e1432b2
No known key found for this signature in database
GPG key ID: 9903A6789FCE9468
5 changed files with 71 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

21
README.md
View file

@ -87,3 +87,24 @@ Done. You should now be able to open the Grafana dashboard on Port 3000 of your
## Multiple Nodes
It is possible to monitor multiple (Mikrotik) devices. Just change add as many devices to `mktxp/mktxp.conf` as you want.
## HTTPS
It is also possible to access the Grafana Dashboard over HTTPS.
Depending on your security requirements and/or threat model it might be a good idea to enable HTTPS.
Generate a self signed certificate for your domain:
`sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./nginx/nginx-selfsigned.key -out ./nginx/nginx-selfsigned.crt`
This command generates two files:
- the private key: `./nginx/nginx-selfsigned.key`
- the certificate file `./nginx/nginx-selfsigned.crt`
Both files need to be mapped as a volume to `/etc/nginx/ssl/`.
Then you also need to adjust the `docker-compose.yml` file:
- comment the line `./nginx/nginx.conf:/etc/nginx/conf.d/default.conf`
- and uncomment the four lines below
Finally you need to adjust the `nginx/nginx.conf.https` and adjust the `server_name` to your domain.

19
docker-compose.yml
View file

@ -38,9 +38,6 @@ services:
- GF_USERS_ALLOW_SIGN_UP=false
- GF_INSTALL_PLUGINS=flant-statusmap-panel
restart: unless-stopped
ports:
- 3000:3000
- 80:3000
networks:
- default
labels:
@ -56,3 +53,19 @@ services:
- default
restart: unless-stopped
nginx:
image: nginx:latest
container_name: nginx
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
# Uncomment the four lines below to enable HTTPS
# - ./nginx/nginx.conf.https:/etc/nginx/conf.d/default.conf
# - ./nginx/nginx-selfsigned.key:/etc/nginx/ssl/nginx-selfsigned.key
# - ./nginx/nginx-selfsigned.crt:/etc/nginx/ssl/nginx-selfsigned.crt
# - ./nginx/self-signed.conf:/etc/nginx/ssl/self-signed.conf
ports:
- 80:80
- 443:443
networks:
- default

9
nginx/nginx.conf Normal file
View file

@ -0,0 +1,9 @@
server {
listen 80;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
proxy_pass http://grafana:3000/;
}
}

22
nginx/nginx.conf.https Normal file
View file

@ -0,0 +1,22 @@
server {
listen 80;
server_name 192.168.0.10;
# Your domain
return 302 https://192.168.0.10;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
include ssl/self-signed.conf;
# Your domain
server_name 192.168.0.10;
location / {
proxy_pass http://grafana:3000/;
}
}

2
nginx/self-signed.conf Normal file
View file

@ -0,0 +1,2 @@
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;