What I’m trying to achieve:
- Run pmm server in docker container on "server", expose port 443 as 127.0.0.1:8443
- Use nginx as reverse proxy for 127.0.0.1:8443. This way nginx can handle TLS using certbot and also serve other domains.
- Connect pmm-agent running on "client" to "server"
What I’ve done:
Deployed pmm-server image on docker like this:
    docker run --detach --restart always --publish 127.0.0.1:8443:443 --volumes-from pmm-data --name pmm-server percona/pmm-server:2
Configured nginx site:
    server {
        server_name server.domain;
        location / {
            include /etc/nginx/proxy_params;
            proxy_pass https://127.0.0.1:8443;
        }
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/server.domain/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/server.domain/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        if ($host = server.domain) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        listen 80;
        listen [::]:80;
        server_name server.domain;
        return 404; # managed by Certbot
    }
proxy_params:
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
Configured client:
    pmm-admin config --server-url=https://user:pass@server.domain:443 server_ip generic server
What happens:
pmm-admin status:
"Failed to get PMM Agent status from local pmm-agent: pmm-agent is not connected to PMM Server."
pmm-agent --debug:
ERRO[2020-12-23T12:33:12.822+01:00] Failed to connect to server.domain:443: timeout. component=client
INFO[2020-12-23T12:33:13.605+01:00] Connecting to https://user:***@server.domain:443/ ... component=client
What I’ve tried:
If I disable nginx and publish docker on 0.0.0.0:443->443 and use --server-insecure-tls, the pmm-agent connects without any problem.