Setting up password protection for Chronograf

This is probably a simple question.

I have InfluxDB and Chronograf running nicely as services on a virtual private server. I now want to password-protect Chronograf so that a username and password are required to view data.

I have looked at https://docs.influxdata.com/chronograf/v1.7/administration/managing-security/#chronograf-security and not having set up anything like this before, I don’t know where to “set the environment variable” (i.e. TOKEN_SECRET = )

Is this in a config file somewhere? Or can someone point me to a newbie-friendly explanation?

There’s only oauth authentication methods, if you want only user/password you’d need to have e.g. nginx infront: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

Note that the oauth method works just fine with local IPs too, so you could just set that up instead.

Thanks very much. I understand there are only 0auth authentication methods.

In the instructions at the link I posted, it mentions setting the environment variable “TOKEN_SECRET”, which I assume refers to something in a config file somewhere. But I don’t know where this is supposed to be, as the page doesn’t mention it. Any ideas?

My bad, I have skimmed the OP and title.

These configs are set via environment variables as can be seen here: https://docs.influxdata.com/chronograf/v1.7/administration/managing-security/#configure-github-authentication

I used it inside docker, so I was able to just pass those in, but I assume you run it on bare metal, then theres these examples: https://www.cyberciti.biz/faq/set-environment-variable-linux/ (see: “How Do I Make All Settings permanent?”)

You could also spawn the actual process with arguments, as described in the influx link above, e.g. --github-client-id=, probably by editing the service file created by influx - but that’s out of my range as I didn’t have the need for it just yet.