Redash is basically a data visualization tool that can help you connect different datasets and create dashboards and reports based on those datasets. Normal setup for dev servers is quite easy with docker and setup script they have provided. I have written this blog to make easier the part where you need to have server with ssl and https connection.
Pr-requisite:
1. Run the setup script provided in repo of redash
Now Lets look at the steps for setup of redash on hosted server with ssl of your own domain:
1. Make sure the domain you picked points at the IP of your Redash server.
2. Create a folder named nginx at your Ubuntu server at location /opt/redash/
3. Create two more folders inside nginx folder and name it certs and certs-data at location /opt/redash/nginx
4. Create config file for nginx with below configuration at location /opt/redash/nginx/nginx.conf
upstream redash {
server redash:5000;
}
server {
listen 80;
listen [::]:80;
server_name your-website.com;
location ^~ /ping {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_pass http://redash;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
} 6. Edit already present docker-compose file at /opt/redash/docker-compose.yml (Replace only last part where container of nginx is defined)nginx:
image: nginx:latest
ports:
- "80:80"
- "443:443"
depends_on:
- server
links:
- server:redash
volumes:
- /opt/redash/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- /opt/redash/nginx/certs:/etc/letsencrypt
- /opt/redash/nginx/certs-data:/data/letsencrypt
restart: always 7. Start the docker-compose for redash platform using command : docker-compose up -d
8. Generate certificates from given configuration using docker container :
docker run -it --rm \
-v /opt/redash/nginx/certs:/etc/letsencrypt \
-v /opt/redash/nginx/certs-data:/data/letsencrypt \
deliverous/certbot \
certonly \
--webroot --webroot-path=/data/letsencrypt \
-d your-website.com 9. If all things went well in previous step then you can change the nginx config again for ssl certificates to be included in redash platform , location of config file: /opt/redash/nginx/nginx.conf: upstream redash { server redash:5000; } server { listen 80; listen [::]:80; server_name your-website.com; location ^~ /ping { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://redash; } location / { rewrite ^ https://$host$request_uri? permanent; } location ^~ /.well-known { allow all; root /data/letsencrypt/; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name your-website.com; add_header Strict-Transport-Security "max-age=31536000" always; ssl_session_cache shared:SSL:20m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4; ssl_certificate /etc/letsencrypt/live//fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/your-website.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/your-website.com/chain.pem; access_log /dev/stdout; error_log /dev/stderr info; # other configs location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://redash; } }your-website.com
10. Now you can restart the nginx for allowing changes to take effect : docker-compose restart nginx11. All done , now your redash dashboard should be available on https.12. To renew certificate in future use below 2 steps one by one: docker run -t --rm -v /opt/redash/nginx/certs:/etc/letsencrypt \
-v /opt/redash/nginx/certs-data:/data/letsencrypt \
deliverous/certbot renew --webroot --webroot-path=/data/letsencrypt docker-compose kill -s HUP nginx
No comments:
Post a Comment