https://github.com/michael-michalski/graphitestatsd-encrypted

Showing how to make an encrypted graphite using nginx
https://github.com/michael-michalski/graphitestatsd-encrypted

docker encryption graphite nginx statsd

Last synced: about 1 month ago
JSON representation

Showing how to make an encrypted graphite using nginx

• Host: GitHub
• URL: https://github.com/michael-michalski/graphitestatsd-encrypted
• Owner: michael-michalski
• Created: 2020-05-13T23:22:20.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2020-05-14T11:13:42.000Z (about 6 years ago)
• Last Synced: 2025-10-28T15:03:09.307Z (8 months ago)
• Topics: docker, encryption, graphite, nginx, statsd
• Language: Dockerfile
• Size: 63.5 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Adding encryption & authentication to Graphite

To configure nginx for https add these to the server decleration.

```

listen 9443 ssl http2;

listen [::]:9443 ssl http2;

ssl_certificate /etc/ssl/certs/nginx-selfsigned-bundle.crt;

ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

```

To avoid MITM and ensure authentication between graphite and consumers add the following.

```

ssl_client_certificate /etc/ssl/certs/client.crt;

ssl_verify_client on;

```

## Step 1

Create ssl certificates from a root authority. And put 'graphitestatsd' as the CN, or what you decide to have as hostname. 

## Step 2

Bundle the server certificate and the root ca certificate into a certificate bundle.

cat server.pem rootCA.pem >> bundle.pem

## Step 3

Copy over the new nginx config and copy/mount the certificates into the image.

## Step 4

Add the client certificates into grafana.

![grafana configuration](https://github.com/michael-michalski/graphitestatsd-encrypted/raw/master/grafana-configuration.png "Logo Title Text 1")