Skip to main content

Influx - Datenbank anlegen

0 | Vorbereitungen

apt-get update
apt-get install -y \
curl gnupg ca-certificates lsb-release coreutils

1 | Repository & Paketinstallation

curl --silent --location -O https://repos.influxdata.com/influxdata-archive.key
echo "943666881a1b8d9b849b74caebf02d3465d6beb716510d86a39f6c8e8dac7515  influxdata-archive.key" \
| sha256sum --check -

cat influxdata-archive.key | gpg --dearmor \
| tee /etc/apt/trusted.gpg.d/influxdata-archive.gpg >/dev/null

echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.gpg] https://repos.influxdata.com/debian stable main' \
| tee /etc/apt/sources.list.d/influxdata.list

apt-get update
apt-get install -y influxdb2
systemctl enable --now influxdb

2 | Selbst-signiertes Zertifikat erzeugen (100 Jahre)

cat > /root/san.cnf <<'EOF'
[req]
distinguished_name = dn
req_extensions     = v3_req
prompt             = no
[dn]
CN = influxdb.local
[v3_req]
keyUsage         = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt
[alt]
DNS.1 = influxdb.local
IP.1  = 127.0.0.1
EOF

openssl req -new -newkey rsa:4096 -nodes \
  -keyout /etc/ssl/influxdb.key \
  -out    /etc/ssl/influxdb.csr \
  -config /root/san.cnf

openssl x509 -req -in  /etc/ssl/influxdb.csr \
  -signkey          /etc/ssl/influxdb.key \
  -out              /etc/ssl/influxdb.crt \
  -days 36500 -extensions v3_req -extfile /root/san.cnf

rm /etc/ssl/influxdb.csr /root/san.cnf
chown influxdb:influxdb /etc/ssl/influxdb.{crt,key}
chmod 644 /etc/ssl/influxdb.crt
chmod 600 /etc/ssl/influxdb.key

3 | HTTPS in config.toml aktivieren

# Default-Konfig erzeugen, falls nicht vorhanden
test -f /etc/influxdb/config.toml || influxd print-config > /etc/influxdb/config.toml

# Port sicherstellen & alte TLS-Zeilen entfernen
sed -i \
  -e 's|^[# ]*http-bind-address .*|http-bind-address = ":8086"|' \
  -e '/^[# ]*tls-cert /d' \
  -e '/^[# ]*tls-key  /d' \
  /etc/influxdb/config.toml

# TLS-Pfad-Direktiven anhängen
cat >> /etc/influxdb/config.toml <<'EOT'
tls-cert = "/etc/ssl/influxdb.crt"
tls-key  = "/etc/ssl/influxdb.key"
EOT

# Influx-Startskript auf diese Konfig verweisen
echo 'INFLUXD_CONFIG_PATH=/etc/influxdb/config.toml' > /etc/default/influxdb2

systemctl daemon-reload
systemctl restart influxdb

4 | Funktionstest

curl --insecure https://localhost:8086/api/v2/ping -I
# Erwartung: HTTP/1.1 204 No Content

Hinweise

  • Browser warnen bei selbst-signierten Zertifikaten – für interne Netze meist unkritisch.
  • Für öffentliche Zugriffe besser Let’s Encrypt verwenden.
  • InfluxDB 3-Docker-Images akzeptieren die TLS-Pfad-Parameter direkt in docker run ….

5 | Alles-in-einem-Skript (Copy & Paste)

#!/usr/bin/env bash
# install_influxdb_https.sh – Einmal ausführen, um InfluxDB 2 + HTTPS einzurichten
set -euo pipefail

### 0 | Pakete
apt-get update
apt-get install -y curl gnupg ca-certificates lsb-release coreutils

### 1 | Repo & Paket
curl --silent --location -O https://repos.influxdata.com/influxdata-archive.key
echo "943666881a1b8d9b849b74caebf02d3465d6beb716510d86a39f6c8e8dac7515  influxdata-archive.key" | sha256sum --check -
cat influxdata-archive.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/influxdata-archive.gpg >/dev/null
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive.gpg] https://repos.influxdata.com/debian stable main' \
  | tee /etc/apt/sources.list.d/influxdata.list
apt-get update
apt-get install -y influxdb2
systemctl enable --now influxdb

### 2 | TLS-Zertifikat (100 Jahre)
cat >/tmp/san.cnf <<'EOF'
[req]
distinguished_name = dn
req_extensions     = v3_req
prompt             = no
[dn]
CN = influxdb.local
[v3_req]
keyUsage         = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt
[alt]
DNS.1 = influxdb.local
IP.1  = 127.0.0.1
EOF

openssl req -new -newkey rsa:4096 -nodes \
  -keyout /etc/ssl/influxdb.key \
  -out    /etc/ssl/influxdb.csr \
  -config /tmp/san.cnf
openssl x509 -req -in /etc/ssl/influxdb.csr -signkey /etc/ssl/influxdb.key \
  -out /etc/ssl/influxdb.crt -days 36500 -extensions v3_req -extfile /tmp/san.cnf
rm /etc/ssl/influxdb.csr /tmp/san.cnf
chown influxdb:influxdb /etc/ssl/influxdb.{crt,key}
chmod 644 /etc/ssl/influxdb.crt
chmod 600 /etc/ssl/influxdb.key

### 3 | config.toml anpassen
test -f /etc/influxdb/config.toml || influxd print-config > /etc/influxdb/config.toml
sed -i -e 's|^[# ]*http-bind-address .*|http-bind-address = ":8086"|' \
       -e '/^[# ]*tls-cert /d' -e '/^[# ]*tls-key  /d' \
       /etc/influxdb/config.toml
printf "\ntls-cert = \"/etc/ssl/influxdb.crt\"\ntls-key  = \"/etc/ssl/influxdb.key\"\n" \
  >> /etc/influxdb/config.toml
echo 'INFLUXD_CONFIG_PATH=/etc/influxdb/config.toml' > /etc/default/influxdb2

### 4 | Neustart & Test
systemctl daemon-reload
systemctl restart influxdb
curl --insecure https://localhost:8086/api/v2/ping -I
echo "✔ InfluxDB läuft jetzt per HTTPS auf Port 8086"


No Comments
Back to top