๐ก๏ธ Proxy Nginx with SSL for RR-Flow
Using Nginx to access RR-Flow directly through a domain with SSL certificate.
Grafana Configuration
First, let’s configure Grafana to run in localhost mode only, so that port 3000 is available only to the server itself and adjust the base URL. To do this, make the following adjustments in the configuration file:
vim /etc/grafana/grafana.ini
Find and adjust the following variables as shown below:
http_addr = 127.0.0.1
root_url = %(protocol)s://%(domain)s/
Nginx Installation
Proceed with the Nginx installation:
apt install nginx
Create a configuration file for Grafana:
vim /etc/nginx/sites-available/grafana.conf
Add the following configuration:
server {
listen 80;
listen [::]:80;
server_name rrflow.yourdomain.com;
# Uncomment to restrict access to the listed IPs only
# allow 127.0.0.1;
# allow ::1;
# allow 192.168.0.0/16;
# allow 2801:db8::/32;
# deny all;
# error_page 403 http://www.rrflow.com.br;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
}
}
Create a symbolic link to enable the configuration and restart Nginx:
ln -s /etc/nginx/sites-available/grafana.conf /etc/nginx/sites-enabled/
systemctl restart nginx
SSL Certificate with Let’s Encrypt
Install Certbot to generate free SSL certificates with Letโs Encrypt:
apt install certbot python3-certbot-nginx
Run Certbot and follow the instructions to generate the certificate. Make sure ports 80 and 443 are open to the public:
certbot
Now your domain will have SSL!
Renew certificate
Certificates need to be renewed every 90 days. You can automate this with the command:
certbot -q renew
Auto renew
To try to renew the certificate automatically once a month, add the following line to cron:
echo '00 00 1 * * root certbot -q renew' >> /etc/crontab
systemctl restart cron