NetData is an open-source, real-time infrastructure monitoring platform capable of detecting and acting on events [Link].
Installation
wget -O /tmp/netdata-kickstart.sh https://get.netdata.cloud/kickstart.sh && sudo sh /tmp/netdata-kickstart.sh --non-interactive --auto-update --disable-telemetry --disable-cloud
Disable open sign-up.
sudo /etc/netdata/edit-config netdata.conf
ini[registry]
enabled = no
Disable cloud integration.
sudo /etc/netdata/edit-config cloud.conf
[global]
enabled = no
Lock the UI to a reverse proxy running on localhost.
sudo /etc/netdata/edit-config netdata.conf
[web]
bind to = 127.0.0.1
Apply all changes.
bashsudo systemctl restart netdata
Check the runtime configuration.
curl http://localhost:19999/netdata.conf
Configure NGINX as the reverse proxy with TLS certificates from Let’s Encrypt and Basic Auth at the edge.
sudo apt install nginx certbot python3-certbot-nginx -y nano /etc/nginx/sites-enabled/default
server {
listen 80 default_server;
# (...)
location / {
auth_basic "NetData";
auth_basic_user_file /etc/nginx/.netdata_htpasswd;
proxy_pass http://127.0.0.1:19999;
proxy_set_header Host $host;
}
# (...)
}
Create an account.
sudo htpasswd -c /etc/nginx/.netdata_htpasswd administrator # Set a password when prompted. sudo nginx -t && sudo nginx -s reload
Issue the certificate for the domain or subdomain pointing to this server. Only port 80 needs to be publicly reachable.
certbot --nginx --non-interactive --agree-tos --redirect --email devops@example.com -d netdata.example.com
Navigate to the web UI to create a new account. Since cloud integration and open sign-up were disabled, the administrator will be prompted for a single-use token. Retrieve it with:
sudo cat /var/lib/netdata/netdata_random_session_id
SEE ALSO
Monitoring with Prometheus and Grafana [Link].
Endpoint Security with Wazuh [Link].