Hi, I'm thinking about add a SSL layer to InfluxDB, Telegraf and Kapacitor.
Between InfluxDB and Telegraf, I don't have any issue but between InfluxDB and Kapacitor I have. These are the logs of both apps. kapacitor: log messages must have 'L!' prefix where L is one of 'D', 'I', 'W', 'E'[log] 2016/11/10 21:21:20 http: TLS handshake error from 127.0.0.1:22865: remote error: bad certificate influxdb: Post https://localhost:9092/write?consistency=&db=telegraf&precision=ns&rp=default: x509: certificate signed by unknown authority But if I run "kapacitor -skipVerify -url https://localhost:9092 list tasks", I will return what I expect, a list of my tasks. The configuration of influxdb is: [http] enabled = true bind-address = ":8086" auth-enabled = false log-enabled = true write-tracing = false pprof-enabled = false https-enabled = true https-certificate = "/etc/influxdb/internal.cert" ### Use a separate private key location. https-private-key = "/etc/influxdb/internal.key" max-row-limit = 10000 realm = "InfluxDB" And Kapacitor: [http] # HTTP API Server for Kapacitor # This server is always on, # it servers both as a write endpoint # and as the API endpoint for all other # Kapacitor calls. bind-address = ":9092" auth-enabled = false log-enabled = true write-tracing = false pprof-enabled = false https-enabled = true https-certificate = "/etc/influxdb/internal.kapacitor.pem" Kapacitor uses the same certificate which is used by influxdb, but this file is a concatenation of the private key and de certiticate. In the Telegraf's configuration, I'm using the " ssl_ca = "/etc/telegraf/cacert.pem" option. As you can see, telegraf only need the CA certificate to work correctly, but Kapacitor doesn't have this option. And Influxdb doesn't have the "insecure_skip_verify" option like telegraf does. So how you can use your own certificates with Kapacitor and Influxdb ? I'm using Debian 8.6 kapacitor 1.0.2-1, influxdb 1.0.2-1 and telegraf 1.0.1-1. Thanks. -- Remember to include the version number! --- You received this message because you are subscribed to the Google Groups "InfluxData" group. To unsubscribe from this group and stop receiving emails from it, send an email to influxdb+unsubscr...@googlegroups.com. To post to this group, send email to influxdb@googlegroups.com. Visit this group at https://groups.google.com/group/influxdb. To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/945e5a45-7c96-4a96-9b62-4f04b6c73141%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
