summaryrefslogtreecommitdiffstats
path: root/docs/Running-behind-lighttpd.md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:08:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:08:07 +0000
commitc69cb8cc094cc916adbc516b09e944cd3d137c01 (patch)
treef2878ec41fb6d0e3613906c6722fc02b934eeb80 /docs/Running-behind-lighttpd.md
parentInitial commit. (diff)
downloadnetdata-c69cb8cc094cc916adbc516b09e944cd3d137c01.tar.xz
netdata-c69cb8cc094cc916adbc516b09e944cd3d137c01.zip
Adding upstream version 1.29.3.upstream/1.29.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/Running-behind-lighttpd.md')
-rw-r--r--docs/Running-behind-lighttpd.md71
1 files changed, 71 insertions, 0 deletions
diff --git a/docs/Running-behind-lighttpd.md b/docs/Running-behind-lighttpd.md
new file mode 100644
index 0000000..8649158
--- /dev/null
+++ b/docs/Running-behind-lighttpd.md
@@ -0,0 +1,71 @@
+<!--
+title: "Netdata via lighttpd v1.4.x"
+custom_edit_url: https://github.com/netdata/netdata/edit/master/docs/Running-behind-lighttpd.md
+-->
+
+# Netdata via lighttpd v1.4.x
+
+Here is a config for accessing Netdata in a suburl via lighttpd 1.4.46 and newer:
+
+```txt
+$HTTP["url"] =~ "^/netdata/" {
+ proxy.server = ( "" => ("netdata" => ( "host" => "127.0.0.1", "port" => 19999 )))
+ proxy.header = ( "map-urlpath" => ( "/netdata/" => "/") )
+}
+```
+
+If you have older lighttpd you have to use a chain (such as bellow), as explained [at this stackoverflow answer](http://stackoverflow.com/questions/14536554/lighttpd-configuration-to-proxy-rewrite-from-one-domain-to-another).
+
+```txt
+$HTTP["url"] =~ "^/netdata/" {
+ proxy.server = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 19998 )))
+}
+
+$SERVER["socket"] == ":19998" {
+ url.rewrite-once = ( "^/netdata(.*)$" => "/$1" )
+ proxy.server = ( "" => ( "" => ( "host" => "127.0.0.1", "port" => 19999 )))
+}
+```
+
+---
+
+If the only thing the server is exposing via the web is Netdata (and thus no suburl rewriting required),
+then you can get away with just
+
+```
+proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 19999 )))
+```
+
+Though if it's public facing you might then want to put some authentication on it. htdigest support
+looks like:
+
+```
+auth.backend = "htdigest"
+auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.htdigest"
+auth.require = ( "" => ( "method" => "digest",
+ "realm" => "netdata",
+ "require" => "valid-user"
+ )
+ )
+```
+
+other auth methods, and more info on htdigest, can be found in lighttpd's [mod_auth docs](http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth).
+
+---
+
+It seems that lighttpd (or some versions of it), fail to proxy compressed web responses.
+To solve this issue, disable web response compression in Netdata.
+
+Open `/etc/netdata/netdata.conf` and set in [global]\:
+
+```
+enable web responses gzip compression = no
+```
+
+## limit direct access to Netdata
+
+You would also need to instruct Netdata to listen only to `127.0.0.1` or `::1`.
+
+To limit access to Netdata only from localhost, set `bind socket to IP = 127.0.0.1` or `bind socket to IP = ::1` in `/etc/netdata/netdata.conf`.
+
+[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fdocs%2FRunning-behind-lighttpd&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)](<>)