Here is a config for accessing Netdata in a suburl via lighttpd 1.4.46 and newer:
$HTTP["url"] =~ "^/netdata/" {
proxy.server = ( "" => ("netdata" => ( "host" => "127.0.0.1", "port" => 19999 )))
proxy.header = ( "map-urlpath" => ( "/netdata/" => "/") )
}
If you have older lighttpd you have to use a chain (such as bellow), as explained at this stackoverflow answer.
$HTTP["url"] =~ "^/netdata/" {
proxy.server = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 19998 )))
}
$SERVER["socket"] == ":19998" {
url.rewrite-once = ( "^/netdata(.*)$" => "/$1" )
proxy.server = ( "" => ( "" => ( "host" => "127.0.0.1", "port" => 19999 )))
}
If the only thing the server is exposing via the web is Netdata (and thus no suburl rewriting required), then you can get away with just
proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 19999 )))
Though if it's public facing you might then want to put some authentication on it. htdigest support looks like:
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.htdigest"
auth.require = ( "" => ( "method" => "digest",
"realm" => "netdata",
"require" => "valid-user"
)
)
other auth methods, and more info on htdigest, can be found in lighttpd's mod_auth docs.
It seems that lighttpd (or some versions of it), fail to proxy compressed web responses. To solve this issue, disable web response compression in Netdata.
Open /etc/netdata/netdata.conf
and set in [global]:
enable web responses gzip compression = no
You would also need to instruct Netdata to listen only to 127.0.0.1
or ::1
.
To limit access to Netdata only from localhost, set bind socket to IP = 127.0.0.1
or bind socket to IP = ::1
in /etc/netdata/netdata.conf
.