From a6836f71bf670a3c31adf4b5f05442bbae0aba29 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 19:42:46 +0530 Subject: [PATCH 1/8] removed stray services --- docker-compose.yaml | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 458ded7..defd42d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -46,35 +46,6 @@ services: security_opt: - no-new-privileges:true -# # Web-based SSH Terminal -# webssh: -# image: kuaifan/webssh:arm64 -# container_name: webssh -# ports: -# - "7003:5032" -# environment: -# - TZ=${TZ:-UTC} -# # Restrict to internal network for security -# - WEBSSH_ORIGIN_LIST=* -# - WEBSSH_POLICY=reject -# networks: -# - monitoring-net -# restart: unless-stopped -# -# # Log Management (Optional but useful) -# dozzle: -# image: amir20/dozzle:latest -# container_name: dozzle -# ports: -# - "7004:8080" -# volumes: -# - /var/run/docker.sock:/var/run/docker.sock:ro -# networks: -# - monitoring-net -# restart: unless-stopped -# environment: -# - DOZZLE_NO_ANALYTICS=true - volumes: portainer_data: netdata_config: -- 2.49.1 From e5fe1c48adccb9e067c32a8edc390a2ac85c4f78 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 19:46:30 +0530 Subject: [PATCH 2/8] segregrated manager node services --- docker-compose.yaml | 77 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 70 insertions(+), 7 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index defd42d..175e1f5 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -1,13 +1,22 @@ services: # System Monitoring + + # -------------------------- + # Netdata Manager + # -------------------------- netdata: image: netdata/netdata:latest container_name: netdata ports: - "7001:19999" + cap_add: + - SYS_PTRACE + - SYS_ADMIN + security_opt: + - apparmor:unconfined volumes: - netdata_config:/etc/netdata - - netdata_lib:/var/lib/netdata + - netdata_lib:/var/lib/netdata - netdata_cache:/var/cache/netdata - /proc:/host/proc:ro - /sys:/host/sys:ro @@ -16,19 +25,19 @@ services: - /etc/passwd:/host/etc/passwd:ro - /etc/group:/host/etc/group:ro - /etc/os-release:/host/etc/os-release:ro - cap_add: - - SYS_PTRACE - - SYS_ADMIN - security_opt: - - apparmor:unconfined environment: - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-} - NETDATA_CLAIM_URL=https://app.netdata.cloud networks: - monitoring-net restart: unless-stopped + profiles: + - netdata-manager # Container Management + # -------------------------- + # Portainer Manager + # -------------------------- portainer: image: portainer/portainer-ce:latest container_name: portainer 
@@ -45,13 +54,67 @@ services: - "private-pi:192.168.1.111" security_opt: - no-new-privileges:true + profiles: + - portainer-manager + + # -------------------------- + # Portainer Agent + # -------------------------- + portainer_agent: + image: portainer/agent:latest + container_name: portainer_agent + restart: unless-stopped + ports: + - "9001:9001" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - portainer_agent_data:/data + networks: + - monitoring-net + profiles: + - portainer-agent + + # -------------------------- + # Netdata Node (Agent) + # -------------------------- + netdata_node: + image: netdata/netdata:latest + container_name: netdata_node + restart: unless-stopped + ports: + - "7003:19999" + cap_add: + - SYS_PTRACE + - SYS_ADMIN + security_opt: + - apparmor:unconfined + volumes: + - netdata_config:/etc/netdata + - netdata_lib:/var/lib/netdata + - netdata_cache:/var/cache/netdata + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + - /:/host/root:ro,rslave + - /etc/passwd:/host/etc/passwd:ro + - /etc/group:/host/etc/group:ro + - /etc/os-release:/host/etc/os-release:ro + environment: + - NETDATA_STREAM_PARENT= # set manager IP here + - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-} + - NETDATA_CLAIM_URL=https://app.netdata.cloud + networks: + - monitoring-net + profiles: + - netdata-node volumes: portainer_data: + portainer_agent_data: netdata_config: netdata_lib: netdata_cache: networks: monitoring-net: - driver: bridge \ No newline at end of file + driver: bridge -- 2.49.1 From 0fb6714a255c197199cfe5d1599cb905aefcdd42 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 19:52:14 +0530 Subject: [PATCH 3/8] minor fixes --- docker-compose.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 175e1f5..036f78b 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
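Review bot: The new `portainer_agent` service mounts `/var/run/docker.sock` read-write and publishes `"9001:9001"` on every host interface, and nothing in the hunk sets a shared secret, so control of the node's Docker daemon rests only on who can reach that port. I would add an `environment:` entry `- AGENT_SECRET=${AGENT_SECRET:?set AGENT_SECRET}` (with the same value configured on the Portainer server) and bind the port to the management address, e.g. `"<node-lan-ip>:9001:9001"` (placeholder), or firewall it to the manager. Separately, `netdata_node` reuses the `netdata_config`, `netdata_lib` and `netdata_cache` volumes of the `netdata` service; if both profiles were ever enabled on one host the two agents would share state, so distinct volume names look safer.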
@@ -1,6 +1,4 @@ services: - # System Monitoring - # -------------------------- # Netdata Manager # -------------------------- @@ -34,7 +32,6 @@ services: profiles: - netdata-manager - # Container Management # -------------------------- # Portainer Manager # -------------------------- @@ -75,7 +72,7 @@ services: - portainer-agent # -------------------------- - # Netdata Node (Agent) + # Netdata Agent # -------------------------- netdata_node: image: netdata/netdata:latest @@ -100,7 +97,7 @@ services: - /etc/group:/host/etc/group:ro - /etc/os-release:/host/etc/os-release:ro environment: - - NETDATA_STREAM_PARENT= # set manager IP here + - NETDATA_STREAM_PARENT=https://netdata.aetoskia.com - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-} - NETDATA_CLAIM_URL=https://app.netdata.cloud networks: -- 2.49.1 From f26d447bcacd3258208145a2a7e231373f687149 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 20:07:16 +0530 Subject: [PATCH 4/8] netdata compose fixes --- docker-compose.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 036f78b..25b75bc 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -75,8 +75,8 @@ services: # Netdata Agent # -------------------------- netdata_node: - image: netdata/netdata:latest - container_name: netdata_node + image: netdata/netdata:edge + container_name: netdata_agent restart: unless-stopped ports: - "7003:19999" 
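Review bot: `NETDATA_STREAM_PARENT=https://netdata.aetoskia.com` in the last hunk of PATCH 3/8 is not accompanied by any streaming API key or `stream.conf` mount in the visible compose changes, so it is worth confirming that the image actually reads this variable and that the parent authenticates the child. If streaming is really configured through `stream.conf`, I would mount that file read-only and add a comment such as `# parent destination and API key live in stream.conf`. The same line is removed in PATCH 4/8 and re-added in PATCH 6/8.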
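Review bot: Switching `netdata_node` to `netdata/netdata:edge` in the PATCH 4/8 hunk puts a moving tag (nightly builds, as far as I know) on a container that PATCH 2/8 gave `SYS_ADMIN`, `apparmor:unconfined` and a read-only mount of the host root. I would pin a released version or a digest, e.g. `image: netdata/netdata:<version>@sha256:<digest>` (placeholders), so every node runs the same reviewed build. Also, `container_name` becomes `netdata_agent` while the service key and the `netdata-node` profile keep the old name; a consistent rename or a one-line comment would avoid confusion.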
@@ -97,9 +97,9 @@ services: - /etc/group:/host/etc/group:ro - /etc/os-release:/host/etc/os-release:ro environment: - - NETDATA_STREAM_PARENT=https://netdata.aetoskia.com - - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-} + - NETDATA_CLAIM_TOKEN=baiLAOz-VoOsvVNhG1CLi6j14rL3bmYtWHIEfwfRFRX5VhnQDUxpSvKQ3WsSrH2lRw-obUX2tWxIepN9BrYHUppnXfkPndpLCeeDwH4P0ItJ7twkCL77XPnMcQnL8hqN9pBpFIs - NETDATA_CLAIM_URL=https://app.netdata.cloud + - NETDATA_CLAIM_ROOMS=2fe293fe-ebff-43b9-9ad4-0b2206d29d26 networks: - monitoring-net profiles: -- 2.49.1 From 9f56f4bd3271e1e1e00b6a308d790596267507c6 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 20:13:31 +0530 Subject: [PATCH 5/8] readme for Server Monitoring Stack --- README.md | 163 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..41cc99e --- /dev/null +++ b/README.md 
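Review bot: This hunk replaces `${NETDATA_CLAIM_TOKEN:-}` with a literal claim token, so the credential is now stored in the repository history, and PATCH 7/8 makes the same substitution for the `netdata` manager service. The token should be treated as exposed and regenerated in Netdata Cloud, and the line restored to `- NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-}` with the value supplied from an untracked `.env` file or a secret store. `NETDATA_CLAIM_ROOMS` can follow the same pattern, `- NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS:-}`. The hunk also drops `NETDATA_STREAM_PARENT`, which PATCH 6/8 re-adds; if that removal was unintended the two patches could be squashed.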
@@ -0,0 +1,163 @@ +# 🏗️ Private Server Monitoring Stack — Aetoskia Infrastructure + +This repository defines a private, self-hosted server monitoring stack running on Raspberry Pi nodes and other servers, consisting of: + +* **Netdata** for system and container metrics +* **Portainer** for container management and orchestration + +This setup allows a central **manager server** to monitor all nodes while providing dashboards and management UI accessible via HTTPS. + +--- + +## 🧬 Services Overview + +| Service | Role | Port(s) | Depends On | +| --------------- | --------------------------------------- | ------- | ------------------- | +| netdata | System monitoring dashboard & master | 7001 | — | +| netdata_node | Node agent streaming metrics to master | 7003 | netdata (manager) | +| portainer | Container management UI & API | 7002 | — | +| portainer_agent | Node agent for remote Docker management | 9001 | portainer (manager) | + +--- + +## ⚙️ Service Details + +### 🐳 Netdata Manager + +Central monitoring server collecting metrics from all connected nodes and exposing dashboards. + +**Ports** + +* 7001 → 19999 — Web dashboard (HTTPS handled via reverse proxy) + +**Mounts** + +* `netdata_config:/etc/netdata` — Persistent Netdata configuration +* `netdata_lib:/var/lib/netdata` — Persistent Netdata metrics database +* `netdata_cache:/var/cache/netdata` — Cache storage + +**Environment** + +* `NETDATA_CLAIM_TOKEN` — Optional claim token for Netdata Cloud +* `NETDATA_CLAIM_URL=https://app.netdata.cloud` + +**Profiles** + +* `netdata-manager` — Manager profile (always acts as manager + local node) + +--- + +### 🐳 Netdata Node + +Agent container that streams metrics to the manager server. 
+ +**Ports** + +* 7003 → 19999 — Local dashboard (optional) + +**Environment** + +* `NETDATA_STREAM_PARENT=https://netdata.aetoskia.com` — Manager endpoint +* `NETDATA_CLAIM_TOKEN` — Optional claim token +* `NETDATA_CLAIM_URL=https://app.netdata.cloud` + +**Profiles** + +* `netdata-node` — Node-only profile + +--- + +### 🦾 Portainer Manager + +Central container management UI and API server, visualizing Docker nodes and stacks. + +**Ports** + +* 7002 → 9000 — Portainer web UI + +**Mounts** + +* `/var/run/docker.sock:/var/run/docker.sock:ro` — Access local Docker +* `portainer_data:/data` — Persistent Portainer data + +**Profiles** + +* `portainer-manager` — Manager profile + +--- + +### 🦾 Portainer Agent + +Node agent that registers with the Portainer manager to allow remote Docker management. + +**Ports** + +* 9001 → 9001 — Agent API + +**Mounts** + +* `/var/run/docker.sock:/var/run/docker.sock` — Access local Docker +* `portainer_agent_data:/data` — Persistent agent data + +**Profiles** + +* `portainer-agent` — Node-only profile + +--- + +## 🧬 Network Integration + +Ensure `/etc/hosts` on all relevant devices (Pi nodes, servers) includes: + +``` +192.168.1.35 netdata.aetoskia.com +192.168.1.35 portainer.aetoskia.com +``` + +* **Netdata manager** receives metrics from `netdata_node` agents +* **Portainer manager** manages `portainer_agent` nodes + +--- + +## 🧠 Usage + +### Manager Server + +Start manager services (also acts as local node): + +```bash +docker compose --profile netdata-manager --profile portainer-manager down --remove-orphans && docker compose --profile netdata-manager --profile portainer-manager up -d +``` + +### Node Server + +Start agent/node services: + +```bash +docker compose --profile netdata-node --profile portainer-agent down --remove-orphans && docker compose --profile netdata-node --profile portainer-agent up -d +``` + +--- + +## ✅ Quick Test Checklist + +| Component | URL | Expected Result | +| --------------- | 
-------------------------------------------------------------------------- | ------------------------------------------------------- | +| Netdata Manager | [https://netdata.aetoskia.com:7001](https://netdata.aetoskia.com:7001) | Dashboard showing metrics for manager + connected nodes | +| Portainer | [https://portainer.aetoskia.com:7002](https://portainer.aetoskia.com:7002) | Portainer UI showing manager + registered nodes | +| Netdata Node | https://:7003 | Node metrics accessible locally | +| Portainer Agent | Internal agent API | Registered under manager UI | + +--- + +## 🧠 Tips + +* **Manager profile** always acts as **manager + local node**. +* **Node profile** only runs **agent containers**, never acts as manager. +* Use **Docker Compose profiles** to cleanly separate roles. +* Reverse proxy (HTTPS) is recommended for dashboard access. +* Persistent mounts ensure that configuration and metrics survive container restarts. + +--- + +© Aetoskia Internal Infrastructure — All rights reserved. -- 2.49.1 From 4c8f85bc723e1749283dfbf7df42527d6f80eef0 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 20:14:09 +0530 Subject: [PATCH 6/8] added parent stream --- docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yaml b/docker-compose.yaml index 25b75bc..55d0873 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -97,6 +97,7 @@ services: - /etc/group:/host/etc/group:ro - /etc/os-release:/host/etc/os-release:ro environment: + - NETDATA_STREAM_PARENT=https://netdata.aetoskia.com - NETDATA_CLAIM_TOKEN=baiLAOz-VoOsvVNhG1CLi6j14rL3bmYtWHIEfwfRFRX5VhnQDUxpSvKQ3WsSrH2lRw-obUX2tWxIepN9BrYHUppnXfkPndpLCeeDwH4P0ItJ7twkCL77XPnMcQnL8hqN9pBpFIs - NETDATA_CLAIM_URL=https://app.netdata.cloud - NETDATA_CLAIM_ROOMS=2fe293fe-ebff-43b9-9ad4-0b2206d29d26 -- 2.49.1 From fb5c06fb291a1a2cf37c1504c01d82f86c1d631f Mon Sep 17 00:00:00 2001 
From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 20:16:45 +0530 Subject: [PATCH 7/8] added names --- docker-compose.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 55d0873..dbaf797 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -24,8 +24,9 @@ services: - /etc/group:/host/etc/group:ro - /etc/os-release:/host/etc/os-release:ro environment: - - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-} + - NETDATA_CLAIM_TOKEN=baiLAOz-VoOsvVNhG1CLi6j14rL3bmYtWHIEfwfRFRX5VhnQDUxpSvKQ3WsSrH2lRw-obUX2tWxIepN9BrYHUppnXfkPndpLCeeDwH4P0ItJ7twkCL77XPnMcQnL8hqN9pBpFIs - NETDATA_CLAIM_URL=https://app.netdata.cloud + - NETDATA_STREAM_NAME=Private-Pi-Manager networks: - monitoring-net restart: unless-stopped @@ -98,6 +99,7 @@ services: - /etc/os-release:/host/etc/os-release:ro environment: - NETDATA_STREAM_PARENT=https://netdata.aetoskia.com + - NETDATA_STREAM_NAME=Server-Pi-Node - NETDATA_CLAIM_TOKEN=baiLAOz-VoOsvVNhG1CLi6j14rL3bmYtWHIEfwfRFRX5VhnQDUxpSvKQ3WsSrH2lRw-obUX2tWxIepN9BrYHUppnXfkPndpLCeeDwH4P0ItJ7twkCL77XPnMcQnL8hqN9pBpFIs - NETDATA_CLAIM_URL=https://app.netdata.cloud - NETDATA_CLAIM_ROOMS=2fe293fe-ebff-43b9-9ad4-0b2206d29d26 -- 2.49.1 From 54fdc9bdd7b501a68d43844f7739ec5ef5c302e5 Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Tue, 21 Oct 2025 20:30:19 +0530 Subject: [PATCH 8/8] hostnames --- docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index dbaf797..1bc43e5 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -5,6 +5,7 @@ services: netdata: image: netdata/netdata:latest container_name: netdata + hostname: Private-Pi-Manager ports: - "7001:19999" cap_add: 
@@ -26,7 +27,6 @@ services: environment: - NETDATA_CLAIM_TOKEN=baiLAOz-VoOsvVNhG1CLi6j14rL3bmYtWHIEfwfRFRX5VhnQDUxpSvKQ3WsSrH2lRw-obUX2tWxIepN9BrYHUppnXfkPndpLCeeDwH4P0ItJ7twkCL77XPnMcQnL8hqN9pBpFIs - NETDATA_CLAIM_URL=https://app.netdata.cloud - - NETDATA_STREAM_NAME=Private-Pi-Manager networks: - monitoring-net restart: unless-stopped @@ -78,6 +78,7 @@ services: netdata_node: image: netdata/netdata:edge container_name: netdata_agent + hostname: Server-Pi-Node restart: unless-stopped ports: - "7003:19999" @@ -99,7 +100,6 @@ services: - /etc/os-release:/host/etc/os-release:ro environment: - NETDATA_STREAM_PARENT=https://netdata.aetoskia.com - - NETDATA_STREAM_NAME=Server-Pi-Node - NETDATA_CLAIM_TOKEN=baiLAOz-VoOsvVNhG1CLi6j14rL3bmYtWHIEfwfRFRX5VhnQDUxpSvKQ3WsSrH2lRw-obUX2tWxIepN9BrYHUppnXfkPndpLCeeDwH4P0ItJ7twkCL77XPnMcQnL8hqN9pBpFIs - NETDATA_CLAIM_URL=https://app.netdata.cloud - NETDATA_CLAIM_ROOMS=2fe293fe-ebff-43b9-9ad4-0b2206d29d26 -- 2.49.1