Proxies Telegraf via Nginx - certificate signed by unknown authority

Hi,

Recently, I was looking into the TICK stack. It seems that no matter how I proxied influxdbv2 through the nginx proxy from localhost:8086 to see the UI/UX, we receive the following if we use the default Telegraf onboarding.

Any ideas would be greatly appreciated.

14:28:28 [cosmic: ~ ] 12.899589250277778h53.975355016666676m58.521301000000676s 255 % export INFLUX_TOKEN=NNiZgN7KoH69eSK9fObxhxmqTNIflmG_H87791EIR7ZOMRO3uGDULaut72-2qEq7r3tHWKkGaT2EtnGezP9yAw==
20:32:51 [cosmic: ~ ] % telegraf --config https://falco.uhl.site/api/v2/telegrafs/0719a7b15944a000
2021-02-18T19:33:00Z I! Starting Telegraf 1.17.2
2021-02-18T19:33:01Z E! [telegraf] Error running agent: Error loading config file https://falco.uhl.site/api/v2/telegrafs/0719a7b15944a000: Get "https://falco.uhl.site/api/v2/telegrafs/0719a7b15944a000": x509: certificate signed by unknown authority

I am not sure if this solves the problem:
Disable the cert verification in the outputs.influxdb_v2 plugin?

  ## Use TLS but skip chain & host verification
  insecure_skip_verify = true

https://docs.influxdata.com/influxdb/v2.0/security/enable-tls/#connect-telegraf-to-a-secured-influxdb-instance

Edit1: Maybe not the solution, because your URL does not seem to have a self-signed certificate…

Edit2: Maybe update Telegraf to 1.17.3
There is a note in the release notes regarding cert:

https://docs.influxdata.com/telegraf/v1.17/about_the_project/release-notes-changelog/

I have checked the notes; that's about a timeout, which is not the case here, while the https:// version of the site behind the nginx proxy works with Let's Encrypt without issues.

Once I tried insecure_skip_verify, I got another error:

2021-02-18T20:33:48Z I! Starting Telegraf 1.17.2
2021-02-18T20:33:48Z I! Using config file: /etc/telegraf/telegraf.conf
2021-02-18T20:33:48Z E! [telegraf] Error running agent: Error loading config file /etc/telegraf/telegraf.conf: Error parsing data: line 804: key `insecure_skip_verify' is in conflict with line a3d

When I revert to normal, I get:

2021-02-18T20:37:28Z E! [telegraf] Error running agent: Error loading config file /etc/telegraf/telegraf.conf: plugin outputs.influxdb_v2: line 105: configuration specified the fields ["database" "username" "password"], but they weren't used

What happens if you try to download the config file from the machine running Telegraf with curl or wget? Does that work?

Edit: Forget it, I tried this with my InfluxDB Cloud, curl does not work here, you need the INFLUX_TOKEN as well to get access to the remote config file…

I have switched back to version 1 and am just testing a new stack, now facing a completely new issue that's even weirder, where the port allocation is not working while the port is not even in use:

[centos@apa docker-tick-stack-grafana]$ docker-compose up -d
WARNING: The Docker Engine you're using is running in swarm mode.

Compose does not use swarm mode to deploy services to multiple nodes in a swarm. All containers will be scheduled on the current node.

To deploy your application across the swarm, use `docker stack deploy`.

influxdb is up-to-date
kapacitor1 is up-to-date
Creating grafana ... 
Creating influxdb-cli ... 
Creating telegraf     ... 
Creating telegraf     ... error
Creating grafana      ... done
Creating influxdb-cli ... done

Creating kapacitor    ... done
Creating chronograf   ... done

ERROR: for telegraf  Cannot start service telegraf: driver failed programming external connectivity on endpoint telegraf (cd975c226b369da09c0508fc540e9ec3f6edef331593b5d8e259dbff237194fc): Bind for 0.0.0.0:8125 failed: port is already allocated
ERROR: Encountered errors while bringing up the project.
[centos@apa docker-tick-stack-grafana]$ netstat -natr | grep 8125
[centos@apa docker-tick-stack-grafana]$ sudo lsof -i -P -n | grep 8125
[centos@apa docker-tick-stack-grafana]$ netstat | grep 8125