Installing netdata on Ubuntu 16.04 with NGINX and SSL
In this guide I assume you have already downloaded and set up NGINX boilerplate on your server, and have set up Certbot.
I started by following the instructions on netdata’s homepage.
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
cd /usr/src/netdata.git/
sudo ./netdata-installer.sh
To automatically update netdata we’re going to add a daily cronjob
crontab -e
and append
@daily /usr/src/netdata.git/netdata-updater.sh
Now we’ll create a directory for our subdomain
mkdir /var/www/monitor.yourdomain.com/
chown -R www-data:www-data /var/www/monitor.yourdomain.com/
Next we’re gonna configure NGINX to serve netdata on its own subdomain using a simple HTTP server so Certbot can verify our website and install the SSL certificates.
cd /etc/nginx/sites-available/
vi netdata.conf
server
{
    server_name monitor.yourdomain.com;
    root /var/www/monitor.yourdomain.com/;
    listen 80;
    listen [::]:80;
    include boilerplate/disable/logging.conf;
    include boilerplate/locations/letsencrypt.conf;
}
Enable our new subdomain’s configuration
cd ../sites-enabled
ln -s ../sites-available/netdata.conf netdata.conf
And let Certbot do its magic
certbot certonly --webroot -w /var/www/monitor.yourdomain.com/ -d monitor.yourdomain.com
If all goes well Certbot will download our SSL certificates to /etc/letsencrypt/live/monitor.yourdomain.com/
We’ll add a daily cronjob to automatically renew our SSL certificates
crontab -e
and append
@daily /usr/bin/certbot renew --quiet --post-hook "/usr/sbin/service nginx reload"
Now we’ll edit our NGINX configuration file by adding an HTTPS server, acting as a proxy for our netdata webserver, with a basic HTTP server redirecting HTTP to HTTPS
cd /etc/nginx/sites-available/
vi netdata.conf
# HTTP - Redirect http to https
server
{
    server_name monitor.yourdomain.com;
    root /var/www/monitor.yourdomain.com/;
    listen 80;
    listen [::]:80;
    include boilerplate/disable/logging.conf;
    #include boilerplate/locations/letsencrypt.conf;
    # redirect to https
    return 301 https://monitor.yourdomain.com$request_uri;
}
# HTTPS
server
{
    server_name monitor.yourdomain.com 127.0.0.1 localhost;
    root /var/www/monitor.yourdomain.com/;
    listen 443 ssl;
    listen [::]:443 ssl;
    include boilerplate/enable/ssl.conf;
    ssl_certificate /etc/letsencrypt/live/monitor.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/monitor.yourdomain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/monitor.yourdomain.com/chain.pem;
    include boilerplate/disable/uploads.conf;
    include boilerplate/enable/gzip.conf;
    include boilerplate/limits/methods.conf;
    include boilerplate/limits/requests.conf;
    rewrite_log on;
    access_log /var/log/nginx/monitor.yourdomain.com.bots.log main if=$is_bot; #buffer=10k flush=1m;
    access_log /var/log/nginx/monitor.yourdomain.com.access.log main if=!$is_bot; #buffer=10k flush=1m;
    error_log /var/log/nginx/monitor.yourdomain.com.error.log error;
    include boilerplate/locations/system.conf;
    include boilerplate/locations/errors.conf;
    #include boilerplate/locations/php.conf;
    #include boilerplate/locations/main.conf;
    #include boilerplate/locations/static.conf;
    include boilerplate/locations/letsencrypt.conf;
    location / {
        proxy_pass http://localhost:19999;
        proxy_ssl_session_reuse off;
        proxy_redirect off;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_buffers 100 128k;
    }
}
Now we’ll check our configuration file for any errors
service nginx configtest
and if it’s OK
service nginx reload
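The HTTPS server above proxies to netdata's own web server on localhost:19999, so TLS only covers requests that actually go through NGINX. As an added example (not part of the original guide), this script parses `ss -ltn` output and flags any listener on that port bound to a non-loopback address; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners on the netdata backend port that can be
# reached directly, bypassing the NGINX HTTPS proxy.

NETDATA_PORT=19999   # port used by proxy_pass in the guide's configuration

# Reads `ss -ltn` output on stdin and prints the local address of every
# listener on NETDATA_PORT that is not bound to a loopback address.
exposed_listeners() {
    awk -v port="$NETDATA_PORT" '
        $1 != "LISTEN" { next }                  # also skips the header line
        {
            n = split($4, parts, ":")            # port is the last ":" field
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            # loopback forms printed by old and new versions of ss
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            print $4
        }'
}

# Returns 0 when the backend is loopback-only, 1 (with a message) otherwise.
check_backend() {
    exposed=$(exposed_listeners)
    if [ -n "$exposed" ]; then
        echo "netdata reachable outside NGINX on:" $exposed >&2
        return 1
    fi
    return 0
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:19999      0.0.0.0:*
LISTEN 0      128    :::19999           :::*
LISTEN 0      128    127.0.0.1:8125     0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*'

SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:19999    0.0.0.0:*
LISTEN 0      128    [::1]:19999        [::]:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*'

# Demo on the constructed samples; on a live host run: ss -ltn | check_backend
printf '%s\n' "$SAMPLE_EXPOSED" | check_backend || echo "FAIL: backend exposed"
printf '%s\n' "$SAMPLE_LOCAL"   | check_backend && echo "OK: loopback only"
```

If it reports an address, bind netdata to 127.0.0.1 or firewall port 19999 so the dashboard is only reachable through the HTTPS proxy.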
At this point you should be able to visit monitor.yourdomain.com. If you notice the page is loading very slowly, you might need to edit your NGINX configuration file by doing the following
cd /etc/nginx/boilerplate/system/
vi connections.conf
and making sure the following option is present and uncommented
multi_accept on;
Reload NGINX’s configuration once more
service nginx reload
That’s it, by now you should have a fully working netdata subdomain running on your server!