archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-04-22 12:32:32 +00:00
Code Issues Projects Releases Wiki Activity
netdata_netdata/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-lighttpd.md
Fotis Voutsas a5460023bf
Docs directory lint documentation and fix issues () 
* alerts-and-notifications broken link pass

* category-overview-pages pass

* dashboards and charts pass

* deployment-guides pass

* dev corner pass

* exporting metrics pass

* Netdata Agent pass

* Netdata Cloud pass

* observ centrl points pass

* sec and priv design pass

* final docs on docs/ folder

* web server readme fix

* fix broken link
2024-10-03 12:05:07 +03:00

59 lines
2.1 KiB
Markdown
Raw Blame History

# Running Netdata behind lighttpd v1.4.x
Here is a config for accessing Netdata in a suburl via lighttpd 1.4.46 and newer:
```txt
$HTTP["url"] =~ "^/netdata/" {
proxy.server = ( "" => ("netdata" => ( "host" => "127.0.0.1", "port" => 19999 )))
proxy.header = ( "map-urlpath" => ( "/netdata/" => "/") )
}
```
If you have older lighttpd you have to use a chain (such as below), as explained [at this Stack Overflow answer](http://stackoverflow.com/questions/14536554/lighttpd-configuration-to-proxy-rewrite-from-one-domain-to-another).
```txt
$HTTP["url"] =~ "^/netdata/" {
proxy.server = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 19998 )))
}
$SERVER["socket"] == ":19998" {
url.rewrite-once = ( "^/netdata(.*)$" => "/$1" )
proxy.server = ( "" => ( "" => ( "host" => "127.0.0.1", "port" => 19999 )))
}
```
If the only thing the server is exposing via the web is Netdata (and thus no suburl rewriting required),
then you can get away with just
```txt
proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 19999 )))
```
Though if it's public facing you might then want to put some authentication on it. `htdigest` support looks like:
```txt
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.htdigest"
auth.require = ( "" => ( "method" => "digest",
"realm" => "netdata",
"require" => "valid-user"
)
)
```
other auth methods, and more info on htdigest, can be found in lighttpd's [mod_auth docs](http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth).
It seems that lighttpd (or some versions of it), fail to proxy compressed web responses.
To solve this issue, disable web response compression in Netdata.
Open `/etc/netdata/netdata.conf` and set in `[global]`:
```txt
enable web responses gzip compression = no
```
## limit direct access to Netdata
You would also need to instruct Netdata to listen only to `127.0.0.1` or `::1`.
To limit access to Netdata only from localhost, set `bind socket to IP = 127.0.0.1` or `bind socket to IP = ::1` in `/etc/netdata/netdata.conf`.
Reference in a new issue View git blame Copy permalink