Influxdb unix socket behind an nginx reverse proxy

#1

Hello Everyone!

I am having trouble configuring influxdb behind a reverse proxy.

My nginx config is:

server {
 
     listen 443 ssl;
     server_name dev.influx.foo.com www.dev.influx.foo.com;
 
     ssl on;
     ssl_certificate             /etc/letsencrypt/live/dev.influx.foo.com/fullchain.pem;
     ssl_certificate_key        /etc/letsencrypt/live/dev.influx.foo.com/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/dev.influx.foo.com/fullchain.pem;
 
 
     location / {
         proxy_pass http://unix:/var/run/influxdb.sock;
     }
 }

The relevant parts of my /etc/influxdb/influxdb.conf are:

[http]
enabled = true
bind-address = ":8086"
auth-enabled = true
log-enabled = true
access-log-path = "/var/log/influxdb"
https-enabled = true
https-certificate = "/etc/letsencrypt/live/dev.influx.foo.com/fullchain.pem"
https-private-key = "/etc/letsencrypt/live/dev.influx.foo.com/privkey.pem"
shared-secret = "a8hfoout25"
unix-socket-enabled = true
bind-socket = "/var/run/influxdb.sock"

Permissions for those certificates are:

 ❯ sudo ls -lah /etc/letsencrypt/live/dev.influx.foo.com                                                                   [19:41:43]
total 4.0K
drwxr-xr-x. 2 root root  93 Sep 13 09:41 .
drwx------. 3 root root  50 Sep 13 09:41 ..
lrwxrwxrwx. 1 root root  60 Sep 13 09:41 cert.pem -> ../../archive/dev.influx.foo.com/cert1.pem
lrwxrwxrwx. 1 root root  61 Sep 13 09:41 chain.pem -> ../../archive/dev.influx.foo.com/chain1.pem
lrwxrwxrwx. 1 root root  65 Sep 13 09:41 fullchain.pem -> ../../archive/dev.influx.foo.com/fullchain1.pem
lrwxrwxrwx. 1 root root  63 Sep 13 09:41 privkey.pem -> ../../archive/dev.influx.foo.com/privkey1.pem
-rw-r--r--. 1 root root 682 Sep 13 09:41 README

my systemd file for influx (/etc/systemd/system/influxdb.service:

[Unit]
Description=influxDB timeseries database service
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=1
User=root
ExecStart=/usr/bin/influxd -config /etc/influxdb/influxdb.conf

[Install]
WantedBy=multi-user.target

I am trying to connect from my local machine with the influxDB Python client like so:

influxdb_client = InfluxDBClient(host='dev.influx.foo.com', 
                                                   port=443, 
                                                   username='develop_user', 
                                                   password='hunter2', 
                                                   database='mydb,
                                                   ssl=True,
                                                   verify_ssl=False)

png = influxdb_client.ping()
print(png)

I have tried seemingly every combination of the port (443, 8086, 8087) on the db client

I have tried setting the nginx proxypass protocol (http, https)

Do you guys see anything wrong with my setup? I have even disabled firewalld and set sudo setenforce = 0. I get various errors in the nginx access / error log depending on the configuration. The range from 502 bad gateway to connection refused. Let me know if the specific tracebacks for a specific configuration are needed and I will get you whatever you need. Thanks!! (I am excited to get this live. I have hooked Grafa to it and it is amazing)

#3

Hello,

Is nginx user who runs Nginx can read/write access to InfluxDBs socket?
Please post this commands outputs:

ls -la /var/run/influxdb.sock