search

influxdata / sandbox

A sandbox for the full TICK stack
MIT License
485 stars 219 forks source link

How to enable basic auth with read access only for a new user? #82

Open Svastikkka opened 1 year ago

Svastikkka commented 1 year ago

Hello We are trying to setup basic auth for new user with read only access for chronograf but we not able to create new user with readonly access. Any suggestion or approach We are using .htpasswd to setup admin basic auth

Our htpasswd

ravit:$apr1$x45D.lah$ybTTur0jfCkVkVCQkZ3U10
manshu:$apr1$ZLXOnX8o$4WtOYcfulYxSX/ikz/1AQ.

Our docker-compose.yml

version: '3'
services:
  influxdb:
    # Full tag list: https://hub.docker.com/r/library/influxdb/tags/
    build:
      context: ./images/influxdb/
      dockerfile: ./${TYPE}/Dockerfile
      args:
        INFLUXDB_TAG: ${INFLUXDB_TAG}
    image: "influxdb"
    # volumes:
      # Mount for influxdb data directory
      # - ./influxdb/data:/var/lib/influxdb
      # Mount for influxdb configuration
      # - ./influxdb/config/:/etc/influxdb/
    ports:
      # The API for InfluxDB is served on port 8086
      - "17273:8086"
      - "17274:8082"
      # UDP Port
      - "17275:8089/udp"

  telegraf:
    # Full tag list: https://hub.docker.com/r/library/telegraf/tags/
    build:
      context: ./images/telegraf/
      dockerfile: ./${TYPE}/Dockerfile
      args:
        TELEGRAF_TAG: ${TELEGRAF_TAG}
    image: "telegraf"
    environment:
      HOSTNAME: "telegraf-getting-started"
    # Telegraf requires network access to InfluxDB
    links:
      - influxdb
    volumes:
      # Mount for telegraf configuration
      - ./telegraf/:/etc/telegraf/
      # Mount for Docker API access
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - influxdb

  kapacitor:
  # Full tag list: https://hub.docker.com/r/library/kapacitor/tags/
    build:
      context: ./images/kapacitor/
      dockerfile: ./${TYPE}/Dockerfile
      args:
        KAPACITOR_TAG: ${KAPACITOR_TAG}
    image: "kapacitor"
    volumes:
      # Mount for kapacitor data directory
      # - ./kapacitor/data/:/var/lib/kapacitor
      # Mount for kapacitor configuration
      - ./kapacitor/config/:/etc/kapacitor/
    # Kapacitor requires network access to Influxdb
    links:
      - influxdb
    ports:
      # The API for Kapacitor is served on port 9092
      - "17276:9092"

  chronograf:
    # Full tag list: https://hub.docker.com/r/library/chronograf/tags/
    build:
      context: ./images/chronograf
      dockerfile: ./${TYPE}/Dockerfile
      args:
        CHRONOGRAF_TAG: ${CHRONOGRAF_TAG}
    image: "chrono_config"
    hostname: thor
    environment:
      RESOURCES_PATH: "/usr/share/chronograf/resources"
      # GOOGLE_CLIENT_ID: "232136951997-lddjksgah8q49u9qivo1kf3hdp57ihkp.apps.googleusercontent.com"
      # GOOGLE_CLIENT_SECRET: "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"
      # TOKEN_SECRET: "Super5uperUdn3verGu355!"
      GOOGLE_DOMAINS: "thor.com"
      HTPASSWD: "/tmp/.htpasswd"
      HOST: "0.0.0.0"
      PORT: "17277"

      PUBLIC_URL: "http://thor.com:8888"
    # volumes:
      # Mount for chronograf database
      # - ./chronograf/data/:/var/lib/chronograf/
    links:
      # Chronograf requires network access to InfluxDB and Kapacitor
      - influxdb
      - kapacitor
    ports:
      # The WebUI for Chronograf is served on port 8888
      - "17277:17277"
    depends_on:
      - kapacitor
      - influxdb
      - telegraf
    volumes:
      - ./auth:/tmp/ 

  documentation:
    build:
      context: ./documentation
    ports:
      - "17278:3000"

Reference: https://docs.influxdata.com/chronograf/v1/administration/managing-influxdb-users/