Using a reverse proxy (nginx) to forward 443 traffic to Influxdb 2.0 port 8086 worked flawlessly for me.
I use InfluxDB internally, on influx.local.mytld.com. I wanted to use my Split-DNS Let’s Encrypt Wildcard Certs and also did not want to always apply :8086 when opening the web interface.
This is my nginx conf:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name influx.local.mytld.com;
ssl on;
ssl_certificate /etc/nginx/ssl/wildcard.local.mytld.com.fullchain;
ssl_certificate_key /etc/nginx/ssl/wildcard.local.mytld.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:8086;
proxy_redirect off;
proxy_http_version 1.1;
proxy_max_temp_file_size 10m;
proxy_connect_timeout 20;
proxy_send_timeout 20;
proxy_read_timeout 20;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Original-For $proxy_add_x_forwarded_for;
proxy_set_header X-Original-Proto https;
proxy_cache_bypass $http_upgrade;
}
}
Now, when I go to https://influx.local.mytld.com,
the InfluxDB frontend opens.
Note that all metric collectors must be configured to use port 443 instead of 8086, and they must also have the current SSL certs avialable. In Telegraf, you must use ssl:// for the output plugin. I also tested this with other tools, e.g. the native InfluxDB Metric Collector in Proxmox, works without issues so far.
