NetData is an open-source, real-time infrastructure monitoring platform capable of detecting and acting on events [Link].

Installation

wget -O /tmp/netdata-kickstart.sh https://get.netdata.cloud/kickstart.sh && sudo sh /tmp/netdata-kickstart.sh --non-interactive --auto-update --disable-telemetry --disable-cloud

Disable open sign-up.

sudo /etc/netdata/edit-config netdata.conf
ini[registry]
    enabled = no

Disable cloud integration.

sudo /etc/netdata/edit-config cloud.conf
[global]
    enabled = no

Lock the UI to a reverse proxy running on localhost.

sudo /etc/netdata/edit-config netdata.conf
[web]
    bind to = 127.0.0.1

Apply all changes.

bashsudo systemctl restart netdata

Check the runtime configuration.

curl http://localhost:19999/netdata.conf

Configure NGINX as the reverse proxy with TLS certificates from Let’s Encrypt and Basic Auth at the edge.

sudo apt install nginx certbot python3-certbot-nginx -y
nano /etc/nginx/sites-enabled/default
server {
  listen 80 default_server;
  # (...)
  location / {
    auth_basic "NetData";
    auth_basic_user_file /etc/nginx/.netdata_htpasswd;
    proxy_pass http://127.0.0.1:19999;
    proxy_set_header Host $host;
  }
  # (...)
}

Create an account.

sudo htpasswd -c /etc/nginx/.netdata_htpasswd administrator
# Set a password when prompted.
sudo nginx -t && sudo nginx -s reload

Issue the certificate for the domain or subdomain pointing to this server. Only port 80 needs to be publicly reachable.

certbot --nginx --non-interactive --agree-tos --redirect --email devops@example.com -d netdata.example.com

Navigate to the web UI to create a new account. Since cloud integration and open sign-up were disabled, the administrator will be prompted for a single-use token. Retrieve it with:

sudo cat /var/lib/netdata/netdata_random_session_id

SEE ALSO

Monitoring with Prometheus and Grafana [Link].

Endpoint Security with Wazuh [Link].