Deployment Overview of VictoriaMetrics on Server¶

Prerequisites and Basic Requirements¶

The deployment requires a Linux server with the following specifications:

• Operating System: Linux distribution compatible with Docker Engine.
• Privileges: Root access or a user with sudo privileges is required to manage Docker containers and system directories.
• Ports: The following ports must be open on the server firewall:
• 80 (HTTP) for initial SSL certificate issuance.
• 443 (HTTPS) for secure access to the application.
• 8427 for the vmauth service.
• 8428 for the VictoriaMetrics service.
• Domain: A valid domain name pointing to the server IP address is required for the Nginx reverse proxy and SSL certificate generation.

File and Directory Structure¶

The application files and data are organized in the following locations:

• /root/victoria-metrics-data/: The primary directory containing configuration files and mounted volumes.
• compose.yml: The Docker Compose definition file for the entire stack.
• authconfig.yml: The authentication configuration file for the vmauth service.
• /data/nginx/user_conf.d/: Directory containing custom Nginx configuration files.
• /etc/letsencrypt/: Directory where SSL certificates and keys are stored by the Certbot container.

Docker Containers and Their Deployment¶

The application is deployed using Docker Compose, which orchestrates three main services:

• nginx:
• Image: jonasal/nginx-certbot:latest
• Function: Acts as a reverse proxy and handles SSL certificate management via Certbot.
• Ports: Exposes 80 and 443.
• Environment: Configured with the email [email protected] for certificate notifications.

• Volumes: Mounts nginx_secrets for Let's Encrypt data and /data/nginx/user_conf.d for custom configurations.

• victoriametrics:

• Image: victoriametrics/victoria-metrics:latest
• Function: The core time-series database.
• Ports: Exposes 8428.

• Volumes: Mounts /root/victoria-metrics-data and the victoriametrics Docker volume for persistent data storage.

• vmauth:

• Image: victoriametrics/vmauth
• Function: Provides authentication and authorization for the VictoriaMetrics cluster.
• Container Name: vmauth
• Ports: Exposes 8427.
• Command: Starts with the flag -auth.config=/root/victoria-metrics-data/authconfig.yml.
• Dependencies: Starts after the victoriametrics service.
• Volumes: Mounts /root/victoria-metrics-data to access the authentication configuration.

All services are configured with the restart policy unless-stopped.

Proxy Servers¶

The deployment includes an Nginx reverse proxy managed by the jonasal/nginx-certbot container.

• SSL/TLS: Automatic SSL certificate generation and renewal are handled by Certbot within the Nginx container.
• Configuration: Custom Nginx rules are loaded from the /data/nginx/user_conf.d directory.
• Access: External traffic is routed through ports 80 and 443 to the internal services.

Starting, Stopping, and Updating¶

The application stack is managed via Docker Compose commands executed from the /root/victoria-metrics-data directory.

• Start the stack:

  cd /root/victoria-metrics-data
  docker compose up -d
  

• Stop the stack:

  cd /root/victoria-metrics-data
  docker compose down
  

• Update the stack: To apply changes to the configuration or pull new images, run:

  cd /root/victoria-metrics-data
  docker compose pull
  docker compose up -d
  

• View logs:

  cd /root/victoria-metrics-data
  docker compose logs -f
  

Permission Settings¶

The file system permissions are set as follows to ensure proper operation:

• The directory /root/victoria-metrics-data is owned by root:root with permissions 0644.
• The files compose.yml and authconfig.yml within this directory are also owned by root:root with permissions 0644.
• Docker volumes nginx_secrets and victoriametrics are created as external volumes to persist data across container restarts.