SyntropyStack — UI — Monitoring solution with Grafana, Prometheus, Node_exporter and Nginx — Part 1
In this tutorial, we will be creating a monitoring network with node_exporter, Prometheus, Grafana and Nginx (with Let’s Encrypt SSL certificates). To deploy our network, we will be using the Syntropy Stack.
Syntropy Stack allows us to quickly connect application services (Apache, nginx, Grafana, InfluxDB, MariaDB, etc.) with optimized and encrypted connections by default. It’s compatible with any device or service, running on a cloud, on-premise or edge locations.
If you are an inexperienced developer, the interface will make this easier, but keep in mind that you can also achieve the same using Syntropy Stack’s command-line tool or Ansible collections. You could also define the network in the YAML file. Edit appropriately for each tutorial
Start Syntropy Agent with Docker
sudo docker run --network="host" --restart=on-failure:10 --cap-add=NET_ADMIN --cap-add=SYS_MODULE \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--device /dev/net/tun:/dev/net/tun --name=syntropynet-agent \
-e SYNTROPY_API_KEY=CHANGE ME \
-e SYNTROPY_TAGS=CHANGE ME \
-e SYNTROPY_PROVIDER=CHANGE ME \
-e SYNTROPY_AGENT_NAME=CHANGE ME \
-e SYNTROPY_NETWORK_API='docker' \
The VM of different vendors register on the SyntropyStack interface thanks to the agent launched by Docker.
Certificat SSL LetsEncrypt
For my access to be secure, it was necessary to create a LetsEncrypt SSL certificate and pair it with a domain name. In this example, I use DuckDNS.
The creation of several sub-networks
Launch services on each dedicated VM. Be careful by launching them on a different subnet
sudo docker network create --subnet 172.20.0.0/24 syntropynetsudo docker network create --subnet 172.21.0.0/24 syntropynetsudo docker network create --subnet 172.22.0.0/24 syntropynet
Here are some explanations for each service:
To distinguish VM and Services, it is necessary to mount them on different IP address plans. Ports were not to be exposed to the Internet, except for 443.
Build 3x VM
Three Docker images will be required. We mount a Proxy Revers by exposing port 443 to be coupled with a LetsEncrypt SSL certificate + a domain name. All that will depend on the Grafana image.
sudo docker run --detach --net=syntropynet \
--name nginx-proxy \
--publish 80:80 \
--publish 443:443 \
--volume /etc/nginx/certs \
--volume /etc/nginx/vhost.d \
--volume /usr/share/nginx/html \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxysudo docker run --detach --net=syntropynet \
--name nginx-proxy-letsencrypt \
--volumes-from nginx-proxy \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume /etc/acme.sh \
--env "DEFAULT_EMAIL=mail@domain" \
jrcs/letsencrypt-nginx-proxy-companionsudo docker run --detach --net=syntropynet \
--name grafana \
--env "VIRTUAL_HOST=DuckDNSDomain" \
--env "VIRTUAL_PORT=3000" \
--env "LETSENCRYPT_HOST=DuckDNSDomain" \
--env "LETSENCRYPT_EMAIL=mail@domain" \
--env "GF_SECURITY_ADMIN_USER=admin" \
--env "GF_SECURITY_ADMIN_PASSWORD=syntropy" \
--env "GF_USERS_ALLOW_SIGN_UP=false" \
- Nginx: is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and first publicly released in 2004.
- Grafana: free software licensed Apache 2.0 that allows data visualization. It allows dashboards and graphs to be made from multiple sources including time databases such as Graphite, InfluxDB and OpenTSDB
A fourth Docker image to launch promiseheus without exposing port 9090 to the internet.
sudo docker run --net=syntropynet -d --name prometheus -v $PWD/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus:latest
- Prometheus: free computer monitoring software and alert generator. It records real-time metrics in a time series database based on the input point content exposed using the HTTP protocol.
And finally a fifth image for Node-Exporter.
sudo docker run --net=syntropynet -d --name node-exporter quay.io/prometheus/node-exporter
- Node_exporter: will expose all metrics from enabled collectors by default. This is the recommended way to collect metrics to avoid errors when comparing metrics of different families. For advanced use the node_exporter can be passed an optional list of collectors to filter metrics.
Create your Network SyntropyStack
Innovation is to be able to connect these VMs with one click. An encrypted Tunnel is then built. In order for services to communicate with each other, they must be linked together:
Now that all services are communicating together, we have the option to get to the Grafana interface by typing the address of our domain name.
In order for Grafana to reassemble the metrics that Promotheus receives from Node_Exporter, it is necessary to identify the Docker DataSource IP of the Prometheus server. By installing a template, here is the result:
In conclusion, this exercise allowed us to highlight that with different VM connected via an encrypted tunnel, it is possible to build an architecture as if you were in a local network safely;-)