Netdata is a distributed, real-time performance and health monitoring tool for systems and applications. It is a highly-optimized monitoring agent that can be installed on Linux servers.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Netdata queries.
In this guide, we will show you how to install Netdata and prevent public access to its web area because Netdata does not have an authentication feature.
What is needed for this Installation to go through;
- A Root access to a Server.
- A fresh instance of a CentOS or Ubuntu Linux Distribution.
1. Installation and Configuration of Netdata
i. Installation
To make a successful installation of Netdata, you can use the bash script provided by Netdata.
Enter the command below to implement this;
$ bash <(curl -Ss https://my-netdata.io/kickstart.sh)
You will see a similar activity as shown above.
As soon as Netdata installation is complete, the service will be automatically started and enabled. To confirm the status, simply run the command below;
$ systemctl status netdata
Then you will be able to access Netdata web portal via;
Your_server_ip:19999Where "Your_server_ip" is your server.
ii. Configuration
To configure Netdata correctly, you need to ensure that it listens to 127.0.0.1 because we don’t want it to be accessible on the web.
To implement this, do the following:
Edit /etc/netdata/netdata.conf , Use the following command ;
In Ubuntu, enter;
sudo nano /etc/netdata/netdata.conf
In CentOS, use;
vi /etc/netdata/netdata.conf
All you must do now is to uncomment “bind to” as follows;
bind to = 127.0.0.1
2. Install and Configure Nginx
To enable access to the web portal by the Netdata, we need to install Nginx to set up reverse proxy.
How to install Nginx ?
To install Nginx, run the following command;
In Debian/Ubuntu, use;
$ sudo apt install nginx apache2-utilsIn CentOS, use;
$ sudo yum install Nginx apache2-utilsAuthentication Processing
We need to create a username and password. use the command below;
$ sudo htpasswd -c /etc/nginx/.htpasswd username1 Where the assigned username is "username1", you will be prompted to enter a password and that would be your Nginx password.
To confirm that the username and password has been correctly implemented, use the following command;
$ cat /etc/nginx/.htpasswd
Nginx Configuration
Edit your Nginx configuration which is usually located in the /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx Directory.
In Ubuntu, use;\
$ sudo nano /usr/local/nginx/confIn Centos, Use;
$ vi /usr/local/nginx/confWe will change the http block within the configuration file. So, locate the http block section!
It will be like;
upstream backend { server 127.0.0.1:19999; keepalive 64;} server { listen <10.0.0.1>:80; server_name ; auth_basic "Protected"; auth_basic_user_file /etc/nginx/.htpasswd; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; }}Replace the <10.0.0.1> with your server ip, and <domain.com> with your domain.
Next, you should save the file and confirm it with the following command;
$ sudo nginx -t
For error check, reload Nginx by using the command below;
$ sudo systemctl reload nginx
Finally, to test your netdata, enter your server ip or domain on a web browser.
Remarks
We have successfully done a setup of Netdata on a Linux server. Contact us, if you need us to get it set up on your own server. We offer Linux Server installation and configuration services.
