VeilNet
DownloadLogin

Monitoring stack with VeilNet

Learn how to deploy Grafana and Prometheus with VeilNet for secure remote monitoring access.

Prerequisites

  • Docker and Docker Compose installed
  • VeilNet registration token
  • Access to VeilNet Guardian service
  • Sufficient disk space for metrics storage

Overview

This guide shows you how to deploy Grafana and Prometheus, a powerful monitoring and visualization stack, with VeilNet for secure remote access. Prometheus collects metrics, and Grafana provides beautiful dashboards for visualization.

With VeilNet, you can securely access your monitoring dashboards from anywhere without exposing them to the public internet.

Step 1: Create Docker Compose Configuration

Create a docker-compose.yml file with the following configuration:

services:
  veilnet-conflux:
    container_name: veilnet-conflux
    restart: unless-stopped
    env_file:
      - .env
    image: veilnet/conflux:beta
    pull_policy: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    network_mode: host

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: unless-stopped
    volumes:
      - prometheus:/prometheus
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
    network_mode: "container:veilnet-conflux"
    depends_on:
      - veilnet-conflux

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: unless-stopped
    volumes:
      - grafana:/var/lib/grafana
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=<GRAFANA_ADMIN_PASSWORD>
      - GF_USERS_ALLOW_SIGN_UP=false
    network_mode: "container:veilnet-conflux"
    depends_on:
      - veilnet-conflux
      - prometheus

volumes:
  prometheus:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./prometheus
  grafana:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ./grafana

Step 2: Create Prometheus Configuration

Create a prometheus.yml file in the same directory:

global:
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
      - targets: ['localhost:9090']

Step 3: Create Environment File

Create a .env file in the same directory as your docker-compose.yml with the following variables:

VEILNET_REGISTRATION_TOKEN=<YOUR_REGISTRATION_TOKEN>
VEILNET_GUARDIAN=<YOUR_GUARDIAN_URL>
VEILNET_PORTAL=true
VEILNET_CONFLUX_TAG=<YOUR_CONFLUX_TAG>
VEILNET_CONFLUX_CIDR=<VEILNET_CIDR>

Replace the placeholders:

  • <YOUR_REGISTRATION_TOKEN>: Your VeilNet registration token (obtained from the VeilNet portal)
  • <YOUR_GUARDIAN_URL>: The URL of your VeilNet Guardian service (e.g., https://guardian.veilnet.app)
  • <YOUR_CONFLUX_TAG>: A tag to identify this Conflux instance (e.g., monitoring-server)
  • <VEILNET_CIDR>: Any IP address (e.g., 10.128.0.5/16) in CIDR format that belongs to the realm subnet (e.g., 10.128.0.0/16)
  • <GRAFANA_ADMIN_PASSWORD>: Strong password for Grafana admin user

Step 4: Create Data Directories

Create the directories for persistent data storage:

mkdir -p prometheus grafana

These directories will store:

  • prometheus: Prometheus metrics database
  • grafana: Grafana dashboards, datasources, and user data

Step 5: Deploy the Stack

Start all services:

docker-compose up -d

This will:

  • Pull the Prometheus, Grafana, and VeilNet Conflux images
  • Start all containers
  • Create persistent volumes for data storage
  • Automatically restart containers if they stop

Step 6: Verify Deployment

Check that all containers are running:

docker-compose ps

View the VeilNet Conflux logs to verify it's connecting:

docker logs veilnet-conflux -f

You should see logs indicating successful registration and connection to the VeilNet network.

Step 7: Initial Configuration

Local Access

  1. Prometheus: Open http://localhost:9090 to access the Prometheus UI
  2. Grafana: Open http://localhost:3000 and log in with:
    • Username: admin
    • Password: The password you set in the environment variable

Configure Grafana Data Source

  1. Log in to Grafana (locally or via VeilNet IP)
  2. Go to Configuration → Data Sources → Add data source
  3. Select "Prometheus"
  4. Set the URL to http://localhost:9090 (since containers share the network namespace)
  5. Click "Save & Test"

Remote Access via VeilNet

  1. Find your host's VeilNet IP address:
ip addr show veilnet

Or check the VeilNet portal to see your assigned IP address.

  1. Access the services from anywhere using:
    • Prometheus: http://<veilnet-ip>:9090 (e.g., http://10.128.0.5:9090)
    • Grafana: http://<veilnet-ip>:3000 (e.g., http://10.128.0.5:3000)

Step 8: Access Your Monitoring Stack

Local Access

Once the services are running, you can access them locally:

  • Prometheus UI: http://localhost:9090
  • Grafana: http://localhost:3000

Remote Access via VeilNet

With VeilNet configured, you can access your monitoring stack remotely from anywhere in the world using the host's VeilNet IP address, as long as your device is also connected to the same VeilNet realm.

Access the services using:

  • Prometheus UI: http://<veilnet-ip>:9090 (e.g., http://10.128.0.5:9090)
  • Grafana: http://<veilnet-ip>:3000 (e.g., http://10.128.0.5:3000)

Step 9: Create Your First Dashboard

  1. Log in to Grafana (locally or via VeilNet IP)
  2. Go to Dashboards → New Dashboard
  3. Add a panel and select Prometheus as the data source
  4. Create queries to visualize your metrics
  5. Save the dashboard

You can also import pre-built dashboards from the Grafana dashboard library.

Updating Services

To update to newer versions:

docker-compose pull
docker-compose up -d

This will pull the latest images and restart the containers with updated versions.

Stopping and Removing

To stop all services:

docker-compose down

To remove containers and volumes (this will delete all data):

docker-compose down -v

Warning: Removing volumes will delete all Prometheus metrics and Grafana dashboards. Make sure to export important dashboards before removing volumes.

FAQ

How do I add more targets to Prometheus?

Edit the prometheus.yml file and add more scrape configs. For example, to monitor a Node Exporter on another host:

scrape_configs:
  - job_name: 'node-exporter'
    static_configs:
      - targets: ['<veilnet-ip>:9100']

Can I monitor services on other hosts?

Yes! As long as the other hosts are connected to VeilNet, you can configure Prometheus to scrape metrics from them using their VeilNet IP addresses. This allows you to monitor your entire infrastructure securely. Since Prometheus and Grafana share the network namespace with veilnet-conflux, they can also use the VeilNet TUN device for optimal network performance.

How do I set up alerts?

Configure alerting rules in Prometheus and set up Alertmanager. You can also configure Grafana alerting for visual alerts in dashboards.

Can I use Grafana Cloud with this setup?

You can use Grafana Cloud as a remote data source, but with VeilNet, you have secure access to your self-hosted Grafana instance from anywhere, so you may not need Grafana Cloud.

How much storage do I need?

Prometheus storage depends on your retention period and scrape interval. Plan for at least 10-50 GB for a small to medium deployment. Adjust retention in Prometheus configuration if needed.

Why use NET_ADMIN capability instead of privileged mode?

The NET_ADMIN capability provides only the necessary permissions for VeilNet to create and manage network interfaces, without granting full privileged access. This is more secure while still allowing VeilNet to function properly.

Git hosting with VeilNet

Learn how to deploy Gitea with VeilNet for secure remote Git repository access.

Wiki with VeilNet

Learn how to deploy Wiki.js with VeilNet for secure remote documentation access.