Closed todd-berger closed 5 years ago
TL;DR no
Let me give you our configuration of one node
NGINX listen on 80 + 443 (default port) influxdb-relay listen on 9096 (default port) influxdb listen on 8086 (default port) and our customers access on port 443
NGINX
server {
listen x.x.x.x:443 ssl http2;
server_name influxdb.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/STAR.example.com.pem;
ssl_certificate_key /etc/ssl/private/STAR.example.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA512;
ssl_prefer_server_ciphers on;
index index.html index.htm index.php;
access_log /var/log/nginx/influxdb.example.com_access.log combined;
error_log /var/log/nginx/influxdb.example.com_error.log;
gzip off;
# landing page
location / {
root /var/www/influxdb.example.com;
index index.html index.htm index.php;
}
location /api/v1/prom/read {
proxy_pass http://localhost:8086;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
access_log /var/log/nginx/influxdb.example.com-read-from-prometheus_access.log combined;
error_log /var/log/nginx/influxdb.example.com-read-from-prometheus_error.log;
}
location /query {
limit_except GET { allow x.x.x.x/24;
allow x.x.x.x/24;
deny all; }
proxy_pass http://localhost:8086;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
access_log /var/log/nginx/influxdb.example.com-query_access.log combined;
error_log /var/log/nginx/influxdb.example.com-query_error.log;
}
location /api/v1/prom/write {
limit_except POST { deny all; }
proxy_pass http://x.x.x.x:9096;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
access_log /var/log/nginx/influxdb.example.com-write-from-prometheus_access.log combined;
error_log /var/log/nginx/influxdb.example.com-write-from-prometheus_error.log;
}
location /status {
limit_except GET { deny all; }
proxy_pass http://localhost:8086;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
access_log /var/log/nginx/influxdb.example.com-status_access.log combined;
error_log /var/log/nginx/influxdb.example.com-status_error.log;
}
location /write {
limit_except POST { deny all; }
proxy_pass http://x.x.x.x:9096;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
access_log /var/log/nginx/influxdb.example.comwrite_access.log combined;
error_log /var/log/nginx/influxdb.example.com-write_error.log;
}
location /ping {
limit_except GET { deny all; }
proxy_pass http://localhost:8086;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
access_log /var/log/nginx/influxdb.example.com-ping_access.log combined;
error_log /var/log/nginx/influxdb.example.com-ping_error.log;
}
}
influxdb-relay
[[http]]
name = "http-relay"
bind-addr = "x.x.x.x:9096"
health-timeout-ms = 1000
[[http.output]]
name = "influxdb-local"
location = "http://influxdb01.example.com:8086"
endpoints = { write="/write", write_prom="/api/v1/prom/write", ping="/ping", query="/query" }
timeout = "30s"
[[http.output]]
name = "influxdb02"
location = "http://influxdb02.example.com:8086"
endpoints = { write="/write", write_prom="/api/v1/prom/write", ping="/ping", query="/query" }
timeout = "30s"
influxdb
[http]
enabled = true
bind-address = "0.0.0.0:8086"
Thanks for the detailed response. i'm doing something similar.
cheers,
Does the relay support read as well as write or is it necessary to have a load balancer redirect /query to the backend endpoints? It's unclear in the docs. I have a successfull configuration setup for writes but neither grafana nor the influx cli works for reads. They work directly against the backend however.
My config is:
-- toml --
InfluxDB
[[http]] name = "xxxx-influxdb-relay" bind-addr = "0.0.0.0:9096" default-ping-response = 200 health-timeout-ms = 10000
[[http.output]] name="influxdb01" location = "http://xxxx:yyy/" endpoints = {write="/write", ping="/ping?verbose=true", query="/query"} timeout="10s" buffer-size-mb = 100 max-batch-kb = 50 max-delay-interval = "5s"
EOF