Monitoring server resources on Laravel Forge with Netdata

Having some insight into what’s happening with your server’s resources is pretty vital. If you notice things are running slowly or if there’s a reoccurring issue with your server, having some visibility into resource usage and what processes are up to can be the difference between an easy fix and and a 12 hour head scratch. Netdata is a fantastic tool that gives you exactly that pair of x-ray goggles. Here’s a quick demo of the kind of stats you’ll get access to:

Overview stats for a quick view of resource usage

Detailed charting for particular services

Helpfully, getting Netdata up and running on Laravel Forge is pretty straightforward, although the docs can be a little overwhelming.

1. SSH into your Forge Server
2. Run the one line installation script:
   bash <(curl -Ss https://my-netdata.io/kickstart.sh)
The script prompts you a few time to agree to using a bit of disk space etc. Agree to these.
3. You should see a success message
4. Profit?!

That’s everything in terms of installation. However, you’ll notice that if you try and access Netdata, which is done by appending a port 19999 to your domain (such as domain.com:19999), you’ll notice that this will not work. This is because Forge will only open three ports by default, 22 for SSH, 80 for HTTP and 443 for HTTPS. This basic layer of firewall security is great but it is blocking us from accessing Netdata. The good news is that Forge lets you add Firewall rules, including only allowing access to a given port from a given IP address. This is particularly neat as it means you can whitelist your IP(s) and be sure that no one else can access your Netdata… data.

Let’s open up 19999:

1. Within the Forge control panel, navigate to the particular service where Netdata has been installed
2. Choose Network from the left-hand navigation
3. Under New Firewall Rule, name the rule whatever you’d like, add port 19999 and then add your IP address to From IP Address (Optional) as below.

4. Click Add Rule.

5. Visit http://domain.com:19999 and you should see your dashboard. One note, without a little more configuration, you will only be able to access via HTTP and not HTTPS.

Serving over HTTPS

The issue we have now is that Forge is serving HTTPS only over a specific port and our Netdata request does not match this, thus being refused. To remedy this, we need to alter our Nginx config.

1. In Forge, navigate to the a site in question. This is the site that matches the domain you’ll be using to access Netdata.
2. At the bottom of the screen, click Files and then Edit Nginx Configuration
3. I would strongly recommend backing up your untouched config as making any mistakes here could bring your site down and there’s no easy way to revert the config
4. Just after the first line include forge-conf/domain.com/before/* add the following:

upstream netdata {
  server 127.0.0.1:19999;
  keepalive 64;
}

5. Within the server block, add the following:

location = /netdata {
  return 301 /netdata/;
}

location ~ /netdata/(?<ndpath>.*) {
  proxy_redirect off;
  proxy_set_header Host $host;

  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_http_version 1.1;
  proxy_pass_request_headers on;
  proxy_set_header Connection "keep-alive";
  proxy_store off;
  proxy_pass http://netdata/$ndpath$is_args$args;

  gzip on;
  gzip_proxied any;
  gzip_types *;
}

6. Save this config edit

7. Within Forge, browse back to the server that the site resides on

8. At the bottom, click Restart then Restart Nginx

9. Visit domain.com/netdata and you should now see Netdata complete with HTTPS

That’s it!