Running-behind-lighttpd.md 2.1 KB

Running Netdata behind lighttpd v1.4.x

Here is a config for accessing Netdata in a suburl via lighttpd 1.4.46 and newer:

$HTTP["url"] =~ "^/netdata/" {
    proxy.server  = ( "" => ("netdata" => ( "host" => "127.0.0.1", "port" => 19999 )))
    proxy.header = ( "map-urlpath" => ( "/netdata/" => "/") )
}

If you have older lighttpd, you have to use a chain (such as below), as explained at this Stack Overflow answer.

$HTTP["url"] =~ "^/netdata/" {
    proxy.server  = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 19998 )))
}

$SERVER["socket"] == ":19998" {
    url.rewrite-once = ( "^/netdata(.*)$" => "/$1" )
    proxy.server = ( "" => ( "" => ( "host" => "127.0.0.1", "port" => 19999 )))
}

If the only thing the server is exposing via the web is Netdata (and thus no suburl rewriting required), then you can get away with just

proxy.server  = ( "" => ( ( "host" => "127.0.0.1", "port" => 19999 )))

Though if it's public facing, you might then want to put some authentication on it. htdigest support looks like:

auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.htdigest"
auth.require = ( "" => ( "method" => "digest", 
                         "realm" => "netdata", 
                         "require" => "valid-user" 
                       )
               )

other auth methods, and more info on htdigest, can be found in lighttpd's mod_auth docs.

It seems that lighttpd (or some versions of it), fail to proxy compressed web responses. To solve this issue, disable web response compression in Netdata.

Open /etc/netdata/netdata.conf and set in [global]:

enable web responses gzip compression = no

limit direct access to Netdata

You would also need to instruct Netdata to listen only to 127.0.0.1 or ::1.

To limit access to Netdata only from localhost, set bind socket to IP = 127.0.0.1 or bind socket to IP = ::1 in /etc/netdata/netdata.conf.