Installing Netdata and secure using Nginx basic http authentication

Netdata is a distributed, real-time performance and health monitoring tool for systems and applications. It is a highly-optimized monitoring agent that can be installed on Linux servers.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Netdata queries.

In this guide, we will show you how to install Netdata and prevent public access to its web area because Netdata does not have an authentication feature.

 

What is needed for this Installation to go through;

  • A Root access to a Server.
  • A fresh instance of a CentOS or Ubuntu Linux Distribution.


1. Installation and Configuration of Netdata

i. Installation

To make a successful installation of Netdata, you can use the bash script provided by Netdata.

Enter the command below to implement this;

 $ bash <(curl -Ss https://my-netdata.io/kickstart.sh)

 You will see a similar activity as shown above.

As soon as Netdata installation is complete, the service will be automatically started and enabled. To confirm the status, simply run the command below;

$ systemctl status netdata

Then you will be able to access Netdata web portal via;

Your_server_ip:19999

Where "Your_server_ip"  is your server.

 

ii. Configuration

To configure Netdata correctly, you need to ensure that it listens to 127.0.0.1 because we don’t want it to be accessible on the web.

 To implement this, do the following:

Edit /etc/netdata/netdata.conf , Use the following command ;

 

In Ubuntu, enter;

sudo nano /etc/netdata/netdata.conf

In CentOS, use;

vi /etc/netdata/netdata.conf

 

All you must do now is to uncomment “bind to” as follows;

 bind to = 127.0.0.1

 

2. Install and Configure Nginx

To enable access to the web portal by the Netdata, we need to install Nginx to set up reverse proxy.


How to install Nginx ?

To install Nginx, run the following command;

 In Debian/Ubuntu, use;

sudo apt install nginx apache2-utils

 In CentOS, use;

sudo yum install Nginx apache2-utils

 

Authentication Processing

We need to create a username and password. use the command below;

sudo htpasswd -c /etc/nginx/.htpasswd username1 

 Where the assigned username is "username1", you will be prompted to enter a password and that would be your Nginx password.

 To confirm that the username and password has been correctly implemented, use the following command;

cat /etc/nginx/.htpasswd

 

Nginx Configuration

 Edit your Nginx configuration which is usually located in the /usr/local/nginx/conf/etc/nginx, or /usr/local/etc/nginx  Directory.

 

In Ubuntu, use;\ 

$ sudo nano /usr/local/nginx/conf

 In Centos, Use;

vi /usr/local/nginx/conf

 We will change the http block within the configuration file. So, locate the http block section!

 It will be like;

upstream backend {
   server 127.0.0.1:19999;
   keepalive 64;
}
 
server {
   listen <10.0.0.1>:80;
   server_name ;
 
   auth_basic "Protected";
  auth_basic_user_file /etc/nginx/.htpasswd;
 
   location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_pass_request_headers on;
    proxy_set_header Connection "keep-alive";
     proxy_store off;
   }
}

Replace the <10.0.0.1> with your server ip, and <domain.com> with your domain.

Next, you should save the file and confirm it with the following command;

sudo nginx -t

For error check, reload Nginx by using the command below;

sudo systemctl reload nginx

Finally, to test your netdata, enter your server ip or domain on a web browser.

 

 

Remarks

We have successfully done a setup of Netdata on a Linux server. Contact us, if you need us to get it set up on your own server. We offer Linux Server installation and configuration services.

Netdata is very essential utility application which provides a real-time monitoring service for Linux systems and applications by displaying interactive charts which can be viewed via a web browser.

Related Posts