From 2a851e14c481c5d783b1fe5f97c069a26ee23c97 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 22 Dec 2024 16:31:06 +0100
Subject: [PATCH] initial commit
---
 README.Docs | 1 +
 README.configure | 45 ++++++++++++++
 README.email-Alerting | 102 ++++++++++++++++++++++++++++++++
 README.install | 39 +++++++++++++
 README.nginx | 113 ++++++++++++++++++++++++++++++++++++
 README.recover-admin-passwd | 26 +++++++++
 6 files changed, 326 insertions(+)
 create mode 100644 README.Docs
 create mode 100644 README.configure
 create mode 100644 README.email-Alerting
 create mode 100644 README.install
 create mode 100644 README.nginx
 create mode 100644 README.recover-admin-passwd
diff --git a/README.Docs b/README.Docs
new file mode 100644
index 0000000..73f4511
--- /dev/null
+++ b/README.Docs
@@ -0,0 +1 @@
+# see: https://grafana.com/docs/grafana/latest/
diff --git a/README.configure b/README.configure
new file mode 100644
index 0000000..32aa587
--- /dev/null
+++ b/README.configure
@@ -0,0 +1,45 @@
+# ---
+# see also:
+#
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
+# https://stackoverflow.com/questions/64273881/reverse-proxy-nginx-with-grafana
+# ---
+
+
+# Example config for host 'grafana.ndneu.de'
+#
+[server]
+protocol = http
+
+# The port to bind to, defaults to 3000
+http_port = 3002
+
+# he public facing host name used to access grafana from a browser
+domain = grafana.ndneu.de
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+root_url = %(protocol)s://%(domain)s:%(http_port)s
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+enforce_domain = true
+
+serve_from_sub_path = false
+
+enable_gzip = true
+
+
+[log.file]
+log_rotate = true
+daily_rotate = true
+max_days = 7
+
+
+[smtp]
+enabled = true
+host = a.mx.oopen.de:465
+user = grafana-nd
+password = 24G%s.NSKJ/q
+from_address = alert@grafana.ndneu.de
+from_name = Grafana
diff --git a/README.email-Alerting b/README.email-Alerting
new file mode 100644
index 0000000..e6cb2c1
--- /dev/null
+++ b/README.email-Alerting
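Review bot: The `[smtp]` block commits what appears to be a real SMTP credential (`password = 24G%s.NSKJ/q`) together with its account name and mail host, and the same value is repeated in the commented sample in README.email-Alerting. Once pushed it remains in the repository history, so the credential should be rotated and both examples changed to a placeholder such as `password = <smtp-password>`, with the real value supplied outside the repository (Grafana reads `GF_SMTP_PASSWORD` from the environment). Separately, `root_url = %(protocol)s://%(domain)s:%(http_port)s` expands to `http://grafana.ndneu.de:3002`, which does not match the HTTPS endpoint that README.nginx sets up, so redirects and e-mail links would point past the TLS proxy. No `http_addr` is set, and by default Grafana then listens on every interface; `http_addr = 127.0.0.1` together with `root_url = https://%(domain)s/` would keep the plain-HTTP port local to the proxy.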
@@ -0,0 +1,102 @@
+# ---
+# Configure email for Alerting
+# ---
+
+# see:
+# https://grafana.com/docs/grafana/latest/alerting/configure-notifications/manage-contact-points/integrations/configure-email/
+
+
+# Use the Grafana Alerting - email integration to send email notifications
+# when your alerts are firing. An email is sent when an alert fires and
+# when an alert gets resolved.
+#
+# Note that you can customize the subject and message of the email using
+# notification templates. However, you cannot add HTML and CSS to email
+# notifications for visual changes.
+
+
+# ---
+# I) SMTP configuration (grafana.ini)
+# ---
+
+# 1. Edit the configuration file 'grafana.ini' typically located in
+# the direcory '/etc/grafania'
+#
+#
+# Within the [smtp] settings section, specify the following parameters:
+#
+# enabled = true
+#
+# # The hostname or IP address of your SMTP server, and the port number
+# #of your SMTP server (commonly 25, 465, or 587). Default is localhost:25.
+# host = a.mx.oopen.de:465
+#
+# # Your SMTP username (if authentication is required).
+# user = grafana-nd@oopen.de
+#
+# # Your SMTP password (if authentication is required).
+# password = 24G%s.NSKJ/q
+#
+# # The email address from which Grafana notifications will be sent.
+# from_address = alert@grafana.ndneu.de
+#
+# # The name associated with the from_address.
+# from_name = Grafana
+#
+vim /etc/grafana/grafana.ini
+
+
+# 2. Restart Grafana.
+#
+systemctl restart grafana-server.service
+
+
+
+# --
+# II) On Browserinterface set up email integration
+# --
+
+# 1. Navigate to Alerts & IRM -> Alerting -> Contact points.
+#
+#
+# 2. Click + Add contact point.
+#
+#
+# 3. Enter a contact point name.
+#
+#
+# 4. From the Integration list, select Email.
+#
+#
+# 5. Enter the email addresses you want to send notifications to.
+#
+# E-mail addresses are case sensitive. Ensure that the e-mail address entered is correct.
+#
+#
+# 6. Click Test to check that your integration works.
+#
+# ** For Grafana Alertmanager only.**
+#
+#
+# 7. Click Save contact point.
+
+# The email contact point is ready to receive alert notifications.
+# ================================================================
+
+
+# --
+# Next steps
+# ---
+
+# 1. In Grafana, navigate to Alerting > Alert rules.
+#
+# 2. Edit or create a new alert rule.
+#
+# 3. Scroll down to the Configure labels and notifications section.
+#
+# 4. Under Notifications click Select contact point.
+#
+# 5. From the drop-down menu, select the previously created contact point.
+#
+# 6. Click Save rule and exit.
+
diff --git a/README.install b/README.install
new file mode 100644
index 0000000..0a1e83f
--- /dev/null
+++ b/README.install
@@ -0,0 +1,39 @@
+# ---
+# Install from APT repository
+# ---
+
+# see: https://grafana.com/docs/grafana/latest/setup-grafana/installation/debian/
+
+# Note
+# Grafana Enterprise is the recommended and default edition. It is available
+# for free and includes all the features of the OSS edition. You can also
+# upgrade to the full Enterprise feature set, which has support for
+# Enterprise plugins.
+
+
+# 1. Install the prerequisite packages:
+#
+sudo apt-get install -y apt-transport-https software-properties-common wget
+
+
+# 2. Import the GPG key:
+#
+sudo mkdir -p /etc/apt/keyrings/
+wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
+
+
+# 3. To add a repository for stable releases, run the following command:
+#
+echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
+
+
+# 4. Run the following command to update the list of available packages:
+#
+Run the following command to update the list of available packages:
+
+
+# 5. To install Grafana OSS, run the following command:
+#
+# Installs the latest OSS release:
+#
+sudo apt-get install grafana
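Review bot: Step 4 of README.install is not a command: the line under the `# 4.` comment repeats the heading text uncommented (`Run the following command to update the list of available packages:`), so anyone pasting or sourcing the file gets a command-not-found error and the package index is never refreshed before step 5 installs from the new repository. The line should read `sudo apt-get update`. In step 3, `tee -a` appends another `deb` entry every time the step is re-run; plain `tee` would keep `/etc/apt/sources.list.d/grafana.list` to a single signed-by entry.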
diff --git a/README.nginx b/README.nginx
new file mode 100644
index 0000000..f928b65
--- /dev/null
+++ b/README.nginx
@@ -0,0 +1,113 @@
+# ---
+# type:
+#
+# 1. Adjust variables 'grafana_host_name' and 'grafana_port' and if not a
+# standard installation also nginx concerning variables
+#
+# 2. source README.nginx
+#
+# ---
+
+grafana_host_name="grafana.ndneu.de"
+grafana_port=3002
+
+
+nginx_path_sites_available="/etc/nginx/sites-available"
+nginx_path_sites_enabled="/etc/nginx/sites-enabled"
+nginx_config_file="${nginx_path_sites_available}/${grafana_host_name}.conf"
+
+cat << EOF > ${nginx_config_file}
+# This is required to proxy Grafana Live WebSocket connections.
+map \$http_upgrade \$connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+upstream grafana {
+ server localhost:${grafana_port};
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ${grafana_host_name};
+
+ return 301 https://\$server_name\$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name grafana.ndneu.de;
+
+ # Include location directive for Let's Encrypt ACME Challenge
+ #
+ # Needed for (automated) updating certificate
+ #
+ include snippets/letsencrypt-acme-challenge.conf;
+
+
+ # Use Mozilla's guidelines for SSL/TLS settings
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ ssl_certificate /var/lib/dehydrated/certs/grafana.ndneu.de/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/grafana.ndneu.de/privkey.pem;
+
+ # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+ #
+ # To generate a dhparam.pem file, run in a terminal
+ # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
+ #
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+ # Speeds things up a little bit when resuming a session
+ ssl_session_timeout 1d;
+ #ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
+
+ root /usr/share/nginx/html;
+
+ index index.html index.htm;
+
+ location / {
+ proxy_set_header Host \$host;
+ proxy_pass http://grafana;
+ }
+
+ # Proxy Grafana Live WebSocket connections.
+ location /api/live/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection \$connection_upgrade;
+ proxy_set_header Host \$host;
+ proxy_pass http://grafana;
+ }
+}
+EOF
+
+# Delete existin symlink
+#
+if [[ -f "${nginx_path_sites_enabled}/$(basename "${nginx_config_file}")" ]] ; then
+ rm "${nginx_path_sites_enabled}/$(basename "${nginx_config_file}")"
+fi
+
+# Activate site
+#
+ln -s "../sites-available/$(basename "${nginx_config_file}")" \
+ "${nginx_path_sites_enabled}/$(basename "${nginx_config_file}")"
diff --git a/README.recover-admin-passwd b/README.recover-admin-passwd
new file mode 100644
index 0000000..5e53acb
--- /dev/null
+++ b/README.recover-admin-passwd
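Review bot: The TLS `server` block hard-codes `grafana.ndneu.de` in `server_name` and in both certificate paths, while the port-80 block uses `${grafana_host_name}`; after adjusting the variable as the header instructs, port 80 redirects to a host name that the 443 block neither names nor holds a certificate for. Suggested lines inside the heredoc: `server_name ${grafana_host_name};`, `ssl_certificate /var/lib/dehydrated/certs/${grafana_host_name}/fullchain.pem;` and `ssl_certificate_key /var/lib/dehydrated/certs/${grafana_host_name}/privkey.pem;`. The cleanup test uses `-f`, which follows the link and therefore misses a dangling symlink, after which `ln -s` fails on the existing name; `-L` tests the link itself. The redirect target `> ${nginx_config_file}` is also unquoted, unlike the later uses of the same variable.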
@@ -0,0 +1,26 @@
+# ---
+# Recover your grafana admin password using sqlite shell
+# ---
+
+# One day you can lose your grafana admin password and probably you will desire
+# to recover it rather than reinstall. If your grafana has been using sqlite as
+# backend storage, the recover process is easy. Here are the steps to do that:
+#
+# In your local machine, install the sqlite3 package
+#
+sudo apt-get install sqlite3
+
+
+# Login into your sql database
+
+sudo sqlite3 /var/lib/grafana/grafana.db
+
+
+# Reset the admin password using SQL update (the new password will be admin)
+
+sqlite> update user set password = '59acf18b94d7eb0694c61e60ce44c110c7a683ac6a8f09580d626f90f4a242000746579358d77dd9e570e83fa24faa88a8a6', salt = 'F3FAxVm33R' where login = 'admin';
+sqlite> .exit
+
+# ***
+# Now, you could login in your grafana web interface using username: admin and password: admin
+# ***
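Review bot: The `update user` statement leaves the admin account on the password `admin`, and the closing comment stops at "you could login" without telling the operator to change it; on the publicly served instance that README.nginx configures, that is a default credential on an internet-facing login until someone remembers. The closing block should add a line such as `# Change the admin password immediately after logging in.` Grafana also ships `grafana-cli admin reset-admin-password <new-password>`, which sets a chosen password directly and avoids hand-editing grafana.db, so it is worth documenting as the preferred route. If the SQL route is kept, stopping grafana-server and copying `/var/lib/grafana/grafana.db` aside first would guard against a locked or damaged database.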