How to set up HTTPS for InfluxDB server

by Daniel Pham
Published: Updated:

How to set up HTTPS for InfluxDB server? You know, in today’s internet environment, data security is very important. Using HTTPS in database will make the data transfer between client and database server safer.

This article will show you how to enable HTTPS in the InfluxDB server.

Set up HTTPS for InfluxDB with a self-signed certificate

In this article, I assume that the InfluxDB server is in your company’s DC and the communication between servers only requires a self-signed SSL certificate.

If you want to configure HTTPS for InfluxDB using CA certificates, read this article.

Step 1: Create a self-signed certificate

You run the following command to create a self-signed certificate for the InfluxDB server. In the below command, I leave 365 days (ie 1 year), you can adjust that number as you like.

openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/influxdb-selfsigned.key -out /etc/ssl/influxdb-selfsigned.crt -days 365

You need to fill in some information as below. Change information that matches your.

[root@influxdb ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/influxdb-selfsigned.key -out /etc/ssl/influxdb-selfsigned.crt -days 365
Generating a 2048 bit RSA private key
.............................................+++
.........................................................................................................................................+++
writing new private key to '/etc/ssl/influxdb-selfsigned.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:VN
State or Province Name (full name) []:Viet Nam
Locality Name (eg, city) [Default City]:Da Nang
Organization Name (eg, company) [Default Company Ltd]:SystemMen.com
Organizational Unit Name (eg, section) []:Danie Pham
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Grant permission to self-signed certificate.

chown influxdb:influxdb /etc/ssl/influxdb-selfsigned.*

Step 2: Enable HTTP in the configuration file

By default, HTTPS is disabled in this database server. To use HTTPS, you need to edit in its configuration file.

set up https for influxdb server
Set up HTTPS for InfluxDB server.

Open the file /etc/influxdb/influxdb.conf, navigate to the [http] section and adjust the information below.

From:

  # Determines whether HTTPS is enabled.
  # https-enabled = false

  # The SSL certificate to use when HTTPS is enabled.
  # https-certificate = "/etc/ssl/influxdb.pem"

  # Use a separate private key location.
  # https-private-key = ""

To:

  # Determines whether HTTPS is enabled.
  https-enabled = true

  # The SSL certificate to use when HTTPS is enabled.
  https-certificate = "/etc/ssl/influxdb-selfsigned.crt"

  # Use a separate private key location.
  https-private-key = "/etc/ssl/influxdb-selfsigned.key"

Save file changes.

Step 3: Restart influxdb service

You need restart influxdb service to apply new changes.

systemctl restart influxdb

Step 4: Verify HTTPS has set up successfully

Now, type the following command to verify HTTPS has successfully. Change 127.0.0.1 to your server’s IP address.

influx -ssl -unsafeSsl -host 127.0.0.1

If the result is the same as below, you are successful.

[root@influxdb ~]# influx -ssl -unsafeSsl -host 127.0.0.1
Connected to https://127.0.0.1:8086 version 1.7.7
InfluxDB shell version: 1.7.7
>

If you get results like this, then you need to check the configuration file.

Failed to connect to https://127.0.0.1:8086: Get https://127.0.0.1:8086/ping: http: server gave HTTP response to HTTPS client
Please check your connection settings and ensure 'influxd' is running.

Conclusion

Setting up HTTPS for InfluxDB server is a necessity. It helps the data transmitted from the client to the InfluxDB server be encrypted, and as such, the data will be more secure. It helps data avoid sniffing by someone.

(This is an article from my old blog that has been inactive for a long time, I don’t want to throw it away so I will keep it and hope it helps someone).

0 0 votes
Article Rating

You may also like

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.

SUPPORT US

FOLLOW US

Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 DevOpsLite.com – All rights reserved.

Please write sources “DevOpsLite.com” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

0
Would love your thoughts, please comment.x
()
x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.