Grafana Dashboard Remote Access

November 6, 2024, 11:54

pipsqueeeek

Hi y'all. I'm currently working on a project that requires me to set up a weather station with raspberry and live it somewhere far from my home/office. I'm wondering how I can access my Grafana dashboard remotely, for example when I'm at the University or at the mall. I'm using IoTStock, Node-RES, Mosquitto, InfluxDB, and Docker. does anyone have any idea on how I can access my dashboard anywhere in the world? your insights are deeply appreciated!

oops.se

A common way to do it (less secure) is to: 1. Get a Dynamic DNS host name that points to your firewall/router public IP address 2. Set a static IP address on your host that hosts "dashboard" 3. Open two ports, 80 (http) and 443 (https) in your firewall/router and point them to the IP address of your "dashboard".

oops.se

A more secure way is more complex and you need a second host (acts as a proxy for your 1. Open two ports, 80 (http) and 443 (https) in your firewall/router and point them to the IP address of your "dashboard") and a firewall with DMZ capability

pipsqueeeek

thank you so much! <@796000224690307072>

thunder07337

Is the Pi connected to the Internet?

pipsqueeeek

yes

thunder07337

Fixed public IP or dynamic?

pipsqueeeek

I already have my Local Ip set into a static one, and with my public IP I installed No-IP to my RPi that listens to my public IP and it redirects it to my domain name(a free domain name from my NO-IP acc)

thunder07337

How did you install the services, normally or as a Docker container?

pipsqueeeek

how do you suggest I do it? I'm still uncertain and conflicted

thunder07337

That's why I asked how you installed your services like NodeRed, influxdb and co. Because it depends on how you proceed.

pipsqueeeek

I downloaded it as a docker container

pipsqueeeek

i followed the guide on youtube

thunder07337

Ah all right. Then you still need a reverse proxy. This listens on ports 80 and 443 and forwards the requests internally to the correct Docker container. What I know for this is Nginx Proxy Manager, Traefik and Caddy. You should take a look at them and decide for yourself which one you want to use. I can show you how I did it with Traefik.

pipsqueeeek

i would love to see it

thunder07337

docker-compose.yml

services:
  traefik:
    container_name: traefik
    image: traefik:v3.0
    restart: always
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./acme.json:/acme.json
    networks:
      - traefikproxy

networks:
  traefikproxy:
    external: true
    name: traefikproxy

traefik.yml

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

api:
  dashboard: true
  insecure: true

providers:
  docker:
    exposedByDefault: false
    network: traefikproxy

certificatesResolvers:
  letsencrypt:
    acme:
      email: [email protected]
      storage: acme.json
      httpChallenge:
        entryPoint: web

dynamic.yml

http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        #HSTS Configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"

    https-redirect:
      redirectScheme:
        scheme: https

sudo docker network create -d bridge traefikproxy You must add the following to the other container in compose.yml.

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.XXX.rule=Host(YYY)"
  - "traefik.http.routers.XXX.entrypoints=websecure"
  - "traefik.http.routers.XXX.tls=true"
  - "traefik.http.routers.XXX.tls.certresolver=letsencrypt"

thunder07337

XXX should be replaced by the name of the container, example for mosquitto:

labels:
 - "traefik.enable=true
 " - "traefik.http.routers.mosquitto.rule=Host(YYY)"
  - "traefik.http.routers.mosquitto.entrypoints=websecure
 " - "traefik.http.routers.mosquitto.tls=true
 " - "traefik.http.routers.mosquitto.tls.certresolver=letsencrypt"

For YYY you have to set the domain. And you must add the network to the containers that are to be accessible via the domain.

    networks:
      - traefikproxy

networks:
  default:
  traefikproxy:
    external: true
    name: traefikproxy

My grafana compose.yml, for example, looks like this:

services:
  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: unless-stopped
    environment:
      - GF_SERVER_ROOT_URL=https://grafana.example.com
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - TZ=Europe/Berlin
    ports:
      - 3000:3000
    volumes:
      - grafana_storage:/var/lib/grafana
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(grafana.example.com)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
    networks:
      - node-red-net
      - traefikproxy

networks:
  node-red-net:
    external: true
    name: node-red-net
  traefikproxy:
    external: true
    name: traefikproxy

volumes:
  grafana_storage: {}

pipsqueeeek

thank you so much!! <@1187039958561726494>

thunder07337

Does it work?

pipsqueeeek

I'm gonna try it on sunday

pipsqueeeek

hey bro, did you install these using docker images to install(for example grafana)?

thunder07337

Are you looking for the Docker compose for grafana or what exactly do you want to know?