我认为具有 nginx + ssl + nodered + grafana + mosquitto + influxdb 的 docker 系统很常见,我希望这能够对其他人有所帮助。
我已经完美地运行了 nginx 和 ssl(certbot),如果我访问http://example.com:1880或http://example.com:1880/ui或http://example.com:3000,我可以完美地访问 nodered flows、ui 和 grafana。
但我需要“更多”。
我想要有这样的“子文件夹”:
- grafana 将转到 example.com/grafana
- nodered 流程编辑必须转到 example.com/nodered
- nodered ui(dashboard 或 flowfuse,无论什么)必须转到 example.com
我尝试了数百种配置,编辑 docker-compose.yml、nginx.conf、settings.js 和 grafana.ini,但是......没有运气。
我希望有人能有类似的东西并与我们分享他/她的配置文件。
这些是此时的矿井(我已删除了我的“错误配置尝试”)
server {
listen 80;
listen [::]:80;
server_name example.com;
location /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
location / {
# rewrite ^ https://$host$request_uri? permanent;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
#STATIC index index.php index.html index.htm;
#STATIC root /var/www/html;
server_tokens off; #Disable the Nginx version in headers for security
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
#linuxserver.io
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Logs for Nginx access and errors
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location ~ /\.ht { deny all; }
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; }
}
Docker-compose.yml
services:
mosquitto:
image: eclipse-mosquitto:2
container_name: mosquitto
ports:
- "1883:1883"
#- "8883:8883"
#- "9001:9001" # Websocket opcional
volumes:
- ./mosquitto-data:/mosquitto
restart: unless-stopped
#environment:
# - 'TZ='Europe/Brussels'
influxdb:
image: influxdb:2.7
container_name: influxdb
ports:
- "8086:8086"
volumes:
- ./influxdb-data:/var/lib/influxdb2
- ./influxdb-config:/etc/influxdb2
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=user
- DOCKER_INFLUXDB_INIT_PASSWORD=password
- DOCKER_INFLUXDB_INIT_ORG=org
- DOCKER_INFLUXDB_INIT_BUCKET=buck
- DOCKER_INFLUXDB_INIT_RETENTION=0
restart: unless-stopped
grafana:
image: grafana/grafana:11.4.0
container_name: grafana
ports:
- "3000:3000"
volumes:
- ./grafana-data:/var/lib/grafana
- ./grafana-config:/etc/grafana
#user: "0"
environment:
- GF_SECURITY_ADMIN_USER=user
- GF_SECURITY_ADMIN_PASSWORD=password
#- GF_SERVER_ROOT_URL=https://example.com/grafana
#- GF_SERVER_DOMAIN=https://example.com/
#- GF_INSTALL_PLUGINS
restart: unless-stopped
nodered:
image: nodered/node-red:4.0
container_name: nodered
ports:
- "1880:1880"
volumes:
- ./nodered-data:/data
restart: unless-stopped
nginx:
image: nginx:1.27.3-bookworm
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx-data:/etc/nginx/conf.d
- ./nginx-logs:/var/log/nginx
- ./letsencrypt-data:/etc/letsencrypt
- ./certbot-data:/var/www/certbot
depends_on:
- nodered
- grafana
- influxdb
restart: unless-stopped
certbot:
image: certbot/certbot
container_name: certbot
depends_on:
- nginx
volumes:
- ./letsencrypt-data:/etc/letsencrypt
- ./certbot-data:/var/www/certbot
#restart: unless-stopped
# command: certonly --webroot --webroot-path=/var/www/certbot/ --email [email protected] --agree-tos --no-eff-email --staging -d example.com
#command: certonly --webroot --webroot-path=/var/www/certbot/ --email [email protected] --agree-tos --no-eff-email --force-renewal -d example.com
volumes:
mosquitto-data:
influxdb-data:
influxdb-config:
grafana-data:
grafana-config:
nodered-data:
letsencrypt-data:
nginx-data:
certbot-data:
我需要对这些文件进行什么更改/添加?:
- nodered:docker-compose、nginx 和 settings.js
- grafana:docker-compose、nginx 和 grafana.ini
多谢。
2025/01/15 19:00 (UTC): 我已经开始使用 grafana 一步一步进行(我认为这更容易)我已经将 docker-compose 更改为:
grafana:
image: grafana/grafana:11.4.0
container_name: grafana
ports:
- "3000:3000"
volumes:
- ./grafana-data:/var/lib/grafana
- ./grafana-config:/etc/grafana
#user: "0"
environment:
- GF_SECURITY_ADMIN_USER=user
- GF_SECURITY_ADMIN_PASSWORD=password
- GF_SERVER_ROOT_URL=https://example.com/grafana/
- GF_SERVER_DOMAIN=https://example.com/
- GF_SERVER_SERVER_FORM_SUB_PATH=true
restart: unless-stopped
和 nginx.conf:
# Grafana Dashboard
location /grafana/ {
proxy_set_header Host $host;
proxy_pass http://grafana:3000/;
}
# Proxy Grafana Live WebSocket connections.
location /grafana/api/live/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_pass http://grafana:3000/;
}
我没有改变 grafana.ini,因为我找到了在 docker-compose 中使用环境变量的更好方法。
我得到了“一些东西”,至少,“grafana”正在回答:
If you're seeing this Grafana has failed to load its application files
This could be caused by your reverse proxy settings.
If you host grafana under a subpath make sure your grafana.ini root_url setting includes subpath. If not using a reverse proxy make sure to set serve_from_sub_path to true.
If you have a local dev build make sure you build frontend using: yarn start, or yarn build.
Sometimes restarting grafana-server can help.
Check if you are using a non-supported browser. For more information, refer to the list of supported browsers .
所以我仍然无法让它工作。
2025/01/15 20:30 (UTC): 在这里我尝试 nodered,最简单的“代理”配置。
我已在 nginx.conf 中添加了此项
location / {
proxy_pass http://nodered:1880/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # WebSocket support
proxy_http_version 1.1;
# proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
rewrite ^/(.*) /$1 break;
}
我尝试了几次对每一行进行注释和取消注释(每次尝试===一行注释或取消注释)
再次查看部分结果。我可以看到 nodered 正在响应,但由于几个静态页面未加载,因此页面为空白。
这些是我在控制台中看到的一些错误:
Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
example.com/:1 Refused to execute script from 'https://example.com/vendor/vendor.js?v=3305aad6c0c6' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.Understand this errorAI
monaco-bootstrap.js:1
Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
red.min.js:1
Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
main.min.js:1
所以,我再次感到自己很愚蠢。这可能也很容易解决,我已经尝试了我在谷歌上找到的所有方法,并使用了 chatgpt(例如)
再次感谢您的帮助。
2025/01/18 9:00(UTC):
我继续尝试不同的东西。这次最简单的 grafana 配置仅用于测试 docker-compose 和 nginx 配置。再次没有运气。
# Grafana Dashboard
location / {
proxy_set_header Host $host;
proxy_pass http://grafana:3000/;
}
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "3000:3000"
volumes:
- ./grafana-data:/var/lib/grafana
- ./grafana-config:/etc/grafana
#user: "0"
environment:
- GF_SECURITY_ADMIN_USER=user
- GF_SECURITY_ADMIN_PASSWORD=password
并且 grafana.ini 没有从默认的进行修改。
我可以看到有错误的 grafana 网页,并且在控制台、网络选项卡中,我可以看到 chrome 没有加载 css 和 js 文件。
https://example.com/public/build/grafana.dark.722d809dba5a31f57d49.css
我已经检查过这个文件在 grafana 容器内存在,所以我不知道为什么 nginx 没有重定向或找到这个文件。
但是,找到了这个文件: https: //example.com/public/img/grafana_icon.svg
那么 nginx 配置文件中的 js、css 等文件是否存在问题,不是吗?
如果我去(测试)http://example.com:3000文件被正确加载: http://example.com: 3000/public/build/grafana.dark.722d809dba5a31f57d49.css
那么...有什么解决办法吗?
(以防万一,我为这个“简单”测试使用了 nginx.conf 文件:)
server {
listen 80;
listen [::]:80;
server_name example.com;
location /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
# return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
server_tokens off; #Disable the Nginx version in headers for security
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Grafana Dashboard
location / {
proxy_set_header Host $host;
proxy_pass http://grafana:3000/;
}
# Logs for Nginx access and errors
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location ~ /\.ht { deny all; }
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; }
}