Search code examples
linuxdockerinfluxdbinfluxdb-2

Enable https on influxdb docker image: INFLUXDB_HTTP_HTTPS_ENABLED=true seems to be ignored

I'm using the following docker compose file for my influxdb setup:

version: '3'

services:
  influxdb:
    image: influxdb:latest
    container_name: influxdb2.0
    ports:
      - "8083:8083"
      - "8086:8086"
    volumes:
      - ./influxdb/data:/var/lib/influxdb2:rw
      - /etc/letsencrypt/live/MY.DOMAIN/fullchain.pem:/etc/ssl/fullchain.pem
      - /etc/letsencrypt/live/MY.DOMAIN/privkey.pem:/etc/ssl/privkey.pem 
    environment:
      - INFLUXDB_HTTP_HTTPS_ENABLED=true 
      - INFLUXDB_HTTP_HTTPS_CERTIFICATE=/etc/ssl/fullchain.pem
      - INFLUXDB_HTTP_HTTPS_PRIVATE_KEY=/etc/ssl/privkey.pem
      - INFLUXDB_HTTP_LOG_ENABLED=true

However, https is not enabled when i connect to influxdb. I'm using the same certificates as I use for my nginx website (MY.DOMAIN running on the same machine) where the certificates work as intended. docker logs influxdb2.0 | grep http show me those lines

2023-09-28T10:19:06.570793587Z  info    found existing boltdb file, skipping setup wrapper      {"system": "docker", "bolt_path": "/var/lib/influxdb2/influxd.bolt"}
2023-09-28T10:19:06.607712579Z  info    found existing boltdb file, skipping setup wrapper      {"system": "docker", "bolt_path": "/var/lib/influxdb2/influxd.bolt"}
ts=2023-09-28T10:19:06.726261Z lvl=info msg=Listening log_id=0kYpd4MW000 service=tcp-listener transport=http addr=:8086 port=8086

should transport=http be transport=https in this case? I have not found any information/errors/etc in the influxdb logs about http whatsoever. Should i rather create a separate certificate for my influxdb container?

Solution

  • I think you're simply using an invalid configuration. Looking at the current documentation, it looks like you need to set the tls-cert and tls-key options.

    With this configuration:

    volumes:
  influxdb_data:

services:
  influxdb:
    image: docker.io/influxdb:latest
    ports:
      - "8083:8083"
      - "8086:8086"
    volumes:
      - influxdb_data:/var/lib/influxdb2:rw
      - ./certs/fullchain.pem:/etc/ssl/fullchain.pem
      - ./certs/privkey.pem:/etc/ssl/privkey.pem
    environment:
      - INFLUXD_TLS_CERT=/etc/ssl/fullchain.pem
      - INFLUXD_TLS_KEY=/etc/ssl/privkey.pem

    I see the following output when I docker compose up the stack:

    .
.
.
container-influxdb-1  | ts=2023-09-28T11:54:52.248973Z lvl=info msg=Starting log_id=0kYv6kh0000 service=telemetry interval=8h
container-influxdb-1  | ts=2023-09-28T11:54:52.250707Z lvl=info msg=Listening log_id=0kYv6kh0000 service=tcp-listener transport=https addr=:8086 port=8086

    And I can confirm that influxdb is using TLS by running curl -k https://localhost:8086:

    $ curl -k https://localhost:8086
<!doctype html><html lang="en">
...