HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones.
If Netdata is running on a host running HAProxy, rather than connecting to Netdata from a port number, a domain name can
be pointed at HAProxy, and HAProxy can redirect connections to the Netdata port. This can make it possible to connect to
https://example.com/netdata/, which is a much nicer experience then
To proxy requests from HAProxy to Netdata, the following configuration can be used:
For all examples, set the mode to
A simple example where the base URL, say
http://example.com, is used with no subpath:
Create a frontend to receive the request.
Create the Netdata backend which will send requests to port
Configuration with subpath
A example where the base URL is used with a subpath
To use a subpath, create an ACL, which will set a variable based on the subpath.
Same as simple example, except remove
/netdata/ with regex.
Using TLS communication
TLS can be used by adding port
443 and a cert to the frontend.
This example will only use Netdata if host matches example.com (replace with your domain).
This frontend uses a certificate list.
In the cert list file place a mapping from a certificate file to the domain used:
/etc/letsencrypt/live/example.com/example.com.pem should contain the key and
certificate (in that order) concatenated into a
Same as simple, except set protocol
To use basic HTTP Authentication, create an authentication list:
You can create a hashed password using the
passwordhere with hash:
Now add at the top of the backend:
Full example configuration with HTTP auth over TLS with subpath: