Flux 1.8 8
This page documents an earlier version of InfluxDB.InfluxDB v2.0 is the latest stable version.See the equivalent InfluxDB v2.0 documentation:Enable TLS encryption.
Enabling HTTPS encrypts the communication between clients and the InfluxDB server.When configured with a signed certificate, HTTPS can also verify the authenticity of the InfluxDB server to connecting clients.
InfluxData strongly recommends enabling HTTPS, especially if you plan on sending requests to InfluxDB over a network.
Flux Hacked Client Download Free
Requirements
To enable HTTPS with InfluxDB, you’ll need an existing or new InfluxDB instanceand a Transport Layer Security (TLS) certificate (also known as a Secured Sockets Layer (SSL) certificate).
The Savage Flux HP can take up to 16 NiMH cells (split up with 2 x 6-cell, 2 x 7-cell or 2 x 8-cell battery packs) or 2 LiPo packs of either 2S 7.4v or 3S 11.1v construction. The battery boxes feature cooling vents for the batteries and brand new straps with key locks to secure the packs in place. Flux is packaged with InfluxDB v1.8+ and does not require any additional installation, however it is disabled by default and needs to be enabled.
InfluxDB supports three types of TLS certificates:
Single domain certificates signed by a Certificate Authority
Single domain certificates provide cryptographic security to HTTPS requests and allow clients to verify the identity of the InfluxDB server.With this certificate option, every InfluxDB instance requires a unique single domain certificate.
Wildcard certificates signed by a Certificate Authority
Wildcard certificates provide cryptographic security to HTTPS requests and allow clients to verify the identity of the InfluxDB server.Wildcard certificates can be used across multiple InfluxDB instances on different servers.
Self-signed certificates
Self-signed certificates are not signed by a Certificate Authority (CA).Generate a self-signed certificate on your own machine.Unlike CA-signed certificates, self-signed certificates only provide cryptographic security to HTTPS requests.They do not allow clients to verify the identity of the InfluxDB server.With this certificate option, every InfluxDB instance requires a unique self-signed certificate.
Regardless of your certificate’s type, InfluxDB supports certificates composed ofa private key file (.key
) and a signed certificate file (.crt
) file pair, as well as certificatesthat combine the private key file and the signed certificate file into a single bundled file (.pem
).
The following two sections outline how to set up HTTPS with InfluxDB using a CA-signedcertificate and using a self-signed certificateon Ubuntu 16.04.Steps may vary for other operating systems.
Set up HTTPS with a CA certificate
Step 1: Install the certificate
Place the private key file (.key
) and the signed certificate file (.crt
)or the single bundled file (.pem
) in the /etc/ssl
directory.
Step 2: Set certificate file permissions
Users running InfluxDB must have read permissions on the TLS certificate.
Note: You may opt to set up multiple users, groups, and permissions. Ultimately, make sure all users running InfluxDB have read permissions for the TLS certificate.
Run the following command to give InfluxDB read and write permissions on the certificate files.
Step 3: Review the TLS configuration settings
By default, InfluxDB supports the values for TLS ciphers
, min-version
, and max-version
listed in the Constants section of the Go crypto/tls
package documentation and depends on the version of Go used to build InfluxDB. You can configure InfluxDB to support a restricted list of TLS cipher suite IDs and versions.For more information, see Transport Layer Security (TLS) configuration settings.
Step 4: Enable HTTPS in the InfluxDB configuration file
HTTPS is disabled by default.Enable HTTPS in the [http]
section of the configuration file (/etc/influxdb/influxdb.conf
) by setting:
https-enabled
totrue
https-certificate
to/etc/ssl/<signed-certificate-file>.crt
(or to/etc/ssl/<bundled-certificate-file>.pem
)https-private-key
to/etc/ssl/<private-key-file>.key
(or to/etc/ssl/<bundled-certificate-file>.pem
)
Step 5: Restart the InfluxDB service
Restart the InfluxDB process for the configuration changes to take effect:
Step 6: Verify the HTTPS setup
Verify that HTTPS is working by connecting to InfluxDB with the CLI tool:
A successful connection returns the following:
That’s it! You’ve successfully set up HTTPS with InfluxDB.
Set up HTTPS with a self-signed certificate
Step 1: Generate a self-signed certificate
The following command generates a private key file (.key
) and a self-signedcertificate file (.crt
) which remain valid for the specified NUMBER_OF_DAYS
.It outputs those files to the InfluxDB database’s default certificate file paths and gives themthe required permissions.
When you execute the command, it will prompt you for more information.You can choose to fill out that information or leave it blank;both actions generate valid certificate files.
Run the following command to give InfluxDB read and write permissions on the certificate.
Step 2: Review the TLS configuration settings
By default, InfluxDB supports the values for TLS ciphers
, min-version
, and max-version
listed in the Constants section of the Go crypto/tls
package documentation and depends on the version of Go used to build InfluxDB. You can configure InfluxDB to support a restricted list of TLS cipher suite IDs and versions. For more information, see Transport Layer Security (TLS) settings [tls]
.
Step 3: Enable HTTPS in the configuration file
HTTPS is disabled by default.Enable HTTPS in the [http]
section of the configuration file (/etc/influxdb/influxdb.conf
) by setting:
https-enabled
totrue
https-certificate
to/etc/ssl/influxdb-selfsigned.crt
https-private-key
to/etc/ssl/influxdb-selfsigned.key
If setting up HTTPS for InfluxDB Enterprise, you also need to configure insecure TLS connections between both meta and data nodes in your cluster.Instructions are provided in the InfluxDB Enterprise HTTPS Setup guide.
Step 4: Restart InfluxDB
Flux Hacked Client 1.8
Restart the InfluxDB process for the configuration changes to take effect:
Step 5: Verify the HTTPS setup
Verify that HTTPS is working by connecting to InfluxDB with the CLI tool:
A successful connection returns the following:
That’s it! You’ve successfully set up HTTPS with InfluxDB.
Connect Telegraf to a secured InfluxDB instance
Connecting Telegraf to an InfluxDB instance that’s usingHTTPS requires some additional steps.
Flux 1.8.8 Download B11 For Windows
In the Telegraf configuration file (/etc/telegraf/telegraf.conf
), edit the urls
setting to indicate https
instead of http
and change localhost
to therelevant domain name.If you’re using a self-signed certificate, uncomment the insecure_skip_verify
setting and set it to true
.
Next, restart Telegraf and you’re all set!
Support and feedback
Thank you for being part of our community!We welcome and encourage your feedback and bug reports for InfluxDB and this documentation.To find support, the following resources are available:
Flux 1.8 Download
InfluxDB Cloud and InfluxDB Enterprise customers can contact InfluxData Support.