InfluxDB 2 Config file + SSL

Hi,
I’m new to both InfluxDB and newish to Linux.

I’m trying to setup influxdb + telegraf (then Grafana). Now i’ve got the basics install, influxdb and telegraf and all is running and telegraf is sending data on the local machine.

Now i want to get influx+telegraf into SSL HTTPS. but having issues getting a config file setup and running.

If i manually run

influxd --tls-cert="/etc/letsencrypt/live//fullchain.pem" --tls-key="/etc/letsencrypt/live//privkey.pem"

that runs and i can get onto the web ui via https://:8086

I installed on CentOS8 via the RPM package so run via systemctl. How do i create a config file and add the SSL certificates to get it running under https?
I’ve tried creating a .yml file and setting the config file path

export INFLUXD_CONFIG_PATH=/etc/influxdb/influxdb.yml

But that doesn’t seem to do anything.
Also tried

influx config create --active -n config-name -u http://localhost:8086 -t mySuP3rS3cr3tT0keN -o example-org

but not sure where to edit and add the SSL stuff.

Hello @hobbit666,
Have you taken a look at:
https://docs.influxdata.com/influxdb/v2.0/security/enable-tls/?

Yeah I have and it works when I run that command.

But I’ve installed via RPM so it’s running as a service. So how do I get the SSL running with the service?

I’m think from the docs I need a configuration file but can’t seem to work out how.

You should already have a configuration file. But which config file are you referring to? What step are you stuck on?

Hi, @hobbit666 same problem here…
did you found a solution for your problem.

No kind of gave up for now and stuck to v1.
Might try it again soon

1 Like

Same issue here. I can manually start influxd with the SSL parameters as mentioned in the docs, and it works. Influx also starts on reboot as I enabled it in systemctl but it does not start with SSL enabled. Not sure where to define that specifically.

you will find this article useful if you haven’t already fixed this:
https://docs.influxdata.com/influxdb/v2.0/reference/config-options/

basically you have the option to add lines to the config file ( /etc/influxdb/config.toml )
e.g - add this for the toml file:

tls-cert = "/path/to/influxdb.crt"
tls-key = "/path/to/influxdb.key"

or this for yaml:

tls-cert: /path/to/influxdb.crt
tls-key: /path/to/influxdb.key

or you can choose to add arguments to your service configuration file at:
/lib/systemd/system/influxdb.service (for centos)
you will find more info here:
https://docs.influxdata.com/influxdb/v2.0/get-started/?t=Linux

Hello,
Working with docker-compose, config.toml seems to have no effect on TLS.
Also, I can’t find any details about using docker environment variables for V2. INFLUXDB_HTTP_HTTPS_CERTIFICATE and INFLUXDB_HTTP_HTTPS_PRIVATE_KEY are working fine with influxdb 1.8.3 but not with 2.0.6…
Thx !

Some update about ssl in influx 2.0.6???
FROM influxdb:latest

LABEL description=“InfluxDB image” version=“1.0.0”

ENV DOCKER_INFLUXDB_INIT_MODE=setup

ENV DOCKER_INFLUXDB_INIT_USERNAME=user

ENV DOCKER_INFLUXDB_INIT_PASSWORD=pass

ENV DOCKER_INFLUXDB_INIT_ORG=org

ENV DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=tokn

ENV DOCKER_INFLUXDB_INIT_BUCKET=bucket

ENV DOCKER_INFLUXDB_INIT_RETENTION=365d

ENV INFLUXD_HTTP_BIND_ADDRESS=:8086

ENV INFLUXD_HTTP_IDLE_TIMEOUT=3m0s

ENV INFLUXD_HTTP_READ_HEADER_TIMEOUT=10s

ENV INFLUXD_HTTP_READ_TIMEOUT=15s

ENV INFLUXD_HTTP_WRITE_TIMEOUT=15s

ENV INFLUXD_LOG_LEVEL=info

ENV INFLUXD_QUERY_CONCURRENCY=20

ENV INFLUXD_SECRET_STORE=bolt

ENV INFLUXD_SESSION_LENGTH=60

ENV INFLUXD_BOLT_PATH=/var/lib/influxdb2/influxd.bolt

ENV INFLUXD_ENGINE_PATH=/var/lib/influxdb2/engine

ENV INFLUXD_TLS_CERT=…/cert.pem

ENV INFLUXD_TLS_KEY=…/key.pem

ENV INFLUXD_TLS_MIN_VERSION=1.2

ENV INFLUXD_TLS_STRICT_CIPHERS=true

ENV INFLUXD_TRACING_TYPE=log

EXPOSE 8086 8083 443

This is my dockerfile, SSL dont work, it execute this “lvl=info msg=Listening log_id=0U6evMlW000 service=tcp-listener transport=http addr=:9999 port=9999” and then go down

verify your config settings:

#influx config ls
Active Name URL Org
jozefina http://192.168.0.105:8086 influxdata
default https://ruth:8086 ooo

if not HTTPS in your URL you have to update that config record

i forgot to mention one more note: if you run once influx as root with influxd and then later set it as service with systemctl it is running under influxd user.

https://docs.influxdata.com/influxdb/v2.0/get-started/?t=Linux

i cannot find the link now, but it was mention somewhere and i know i caused me problems

Check out the replies on this thread:

Good luck