SystemMen - How to set up HTTPS for InfluxDB server? You know, in today’s internet environment, data security is very important. Using HTTPS in database will make the data transfer between client and database server safer.
This article will show you how to enable HTTPS in the InfluxDB server.
Set up HTTPS for InfluxDB with a self-signed certificate
In this article, I assume that the InfluxDB server is in your company’s DC and the communication between servers only requires a self-signed SSL certificate.
If you want to configure HTTPS for InfluxDB using CA certificates, read this article.
Step 1: Create a self-signed certificate
You run the following command to create a self-signed certificate for the InfluxDB server. In the below command, I leave 365 days (ie 1 year), you can adjust that number as you like.
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/influxdb-selfsigned.key -out /etc/ssl/influxdb-selfsigned.crt -days 365
You need to fill in some information as below. Change information that matches your.
[root@influxdb ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/influxdb-selfsigned.key -out /etc/ssl/influxdb-selfsigned.crt -days 365 Generating a 2048 bit RSA private key .............................................+++ .........................................................................................................................................+++ writing new private key to '/etc/ssl/influxdb-selfsigned.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:VN State or Province Name (full name) []:Viet Nam Locality Name (eg, city) [Default City]:Da Nang Organization Name (eg, company) [Default Company Ltd]:SystemMen.com Organizational Unit Name (eg, section) []:Danie Pham Common Name (eg, your name or your server's hostname) []: Email Address []:
Grant permission to self-signed certificate.
chown influxdb:influxdb /etc/ssl/influxdb-selfsigned.*
Step 2: Enable HTTP in the configuration file
By default, HTTPS is disabled in this database server. To use HTTPS, you need to edit in its configuration file.
Open the file /etc/influxdb/influxdb.conf, navigate to the [http] section and adjust the information below.
From:
# Determines whether HTTPS is enabled. # https-enabled = false # The SSL certificate to use when HTTPS is enabled. # https-certificate = "/etc/ssl/influxdb.pem" # Use a separate private key location. # https-private-key = ""
To:
# Determines whether HTTPS is enabled. https-enabled = true # The SSL certificate to use when HTTPS is enabled. https-certificate = "/etc/ssl/influxdb-selfsigned.crt" # Use a separate private key location. https-private-key = "/etc/ssl/influxdb-selfsigned.key"
Save file changes.
Step 3: Restart influxdb service
You need restart influxdb service to apply new changes.
systemctl restart influxdb
Step 4: Verify HTTPS has set up successfully
Now, type the following command to verify HTTPS has successfully. Change 127.0.0.1 to your server’s IP address.
influx -ssl -unsafeSsl -host 127.0.0.1
If the result is the same as below, you are successful.
[root@influxdb ~]# influx -ssl -unsafeSsl -host 127.0.0.1 Connected to https://127.0.0.1:8086 version 1.7.7 InfluxDB shell version: 1.7.7 >
If you get results like this, then you need to check the configuration file.
Failed to connect to https://127.0.0.1:8086: Get https://127.0.0.1:8086/ping: http: server gave HTTP response to HTTPS client Please check your connection settings and ensure 'influxd' is running.
Conclusion
Setting up HTTPS for InfluxDB server is a necessity. It helps the data transmitted from the client to the InfluxDB server be encrypted, and as such, the data will be more secure. It helps data avoid sniffing by someone.
«« How to install InfluxDB in CentOS 7What is GIT and Version Control System? »»
