InfluxDB v2 UI behind Traefik

Traefik Traefik v2 (latest)
,
1

Hello all,
Has anyone managed to get the InfluxDB v2 UI to work behind Traefik v2.4.8?

I configured tcp routers etc for InfluxDB on port 8086 and it's accessible in passthrough tls mode (that's what I want)

The influxdb container is running fine, however, the UI is inaccessible. I get error 404 page not found when I access the defined URI

      ## TCP Routers/Service
      - "traefik.tcp.routers.influxdb-rtr.entrypoints=websec-ep"
      - "traefik.tcp.routers.influxdb-rtr.rule=HostSNI(`influx.${BASE_DOMAIN}`)"
      - "traefik.tcp.routers.influxdb-rtr.tls.passthrough=true"
      - "traefik.tcp.routers.influxdb-rtr.service=influxdb-svc"
      - "traefik.tcp.services.influxdb-svc.loadbalancer.server.port=8086"

Any ideas or assistance would be greatly appreciated.

Thanks in advance

2

Hi, i also want to run influxdb2 behind traefik. I also want to use the TLS Certificate, which i have created with lets encrypt. This already works for my other containers. I have set a DNS name in pihole and want to access influxdb with this name. But because some Services in my network need to adress a port for influxdb, i want wo ask, if it is possible to redirect the traffic from port 8086 to tls enableds 8086 and adress the hostname with the port.

E.g.

Before i have used traefik, i adressed my influxdb2 via its ip

https://192.x.x.x:8086 (with self signed certificates enabled) --> worked fine...

Now i would like to adress the server, like any other container in my network via its domain name which have set in pihole. Works for any other container, but not for influxdb because here i need a port.

https://influxdb.local.example.com:8086

I have set a new entrypoint in traefik --> :8086

But i do not get this scenario running.

Any suggetions?

Kind regards
danyo

3

Hi @danyo2008
The trick is to remove the self-signed and rely entirely on Traefik.
To do this, you have to modify your InfluxDB config.yml file as follows:

tls-cert: ""
tls-key: ""

Also, I don't think you need the TCP routers tbh. I still have mine but that's because I haven't had the chance to modify the docker-compose to comment them out. I think you only need the http router for 8086.

Here's mine:

      - "traefik.http.routers.influxdb-ui-rtr.entrypoints=secureweb"
      - "traefik.http.routers.influxdb-ui-rtr.tls=true"
      - "traefik.http.routers.influxdb-ui-rtr.rule=Host(`influx.example.com`)"
      - "traefik.http.routers.influxdb-ui-rtr.tls.certresolver=myletsencrypt"
      - "traefik.http.routers.influxdb-ui-rtr.service=influxdb-ui-svc"
      - "traefik.http.services.influxdb-ui-svc.loadbalancer.server.port=8086"

You don't actually need a port. You just use port 443 for Traefik and that routes the traffic internally to 8086 for the influxdb container

I hope this helps.

4

Hi,

thanks for your answer.... HTTPS itself works fine with letsencrypt. Even locally on my network.
But i have a service, which will connect to the influxdb via influx.example.com and have also an obligatory field for the port. So the adress schould be https://influx.example.com:8086.

So, https shall not run on port 443 but on 8086..... Hope, you can understand my problem :slight_smile:

Thanks and regards
danyo

5

To have it work on 8086, you need a new entry point listening on 8086 in Traefik itself and use the same lets encrypt certificate provider. Make sure you specify the new entry point in your config.

In the example I provided above, you would have the first line use "ep-influxdb" instead of "secureweb"

6

Hi, thx.... Made everything like you descriped....

new Entrypoint 8086, but if i adress the host it redirects to 443 without a port behind the adress and the output is "404 page not found"

And i got this output now: "Client sent an HTTP request to an HTTPS server."

Works now.... :slight_smile:

traefik.http.services.influxdb-svc.loadbalancer.server.scheme = https

was the solution....

thx for your help....

1 Like
7

I'm glad you got it to work. Thanks for letting me know.