How to install and configure Nginx reverse proxy for an Instana Agent on a Ubuntu server to work with OpenTelemetry

Alain Airom (Ayrom)
3 min readJul 13, 2023

--

In my previous articles, I discussed an OpenTelemetry metrics reception on an Instana backend through a bastion “Instana Agent” machine.

As a reminder, OpenTelemtry uses both gRPC and HTTP protocols in order to send metrics and traces.

Once an “Instana Agent” is installed on a server and the configuration.yaml file of the agent is configured to listen to OpenTelemtry metrics, we also need to enable the host machine to have specific OpenTelemetry ports accessible too!

The OpenTelemetry ports are 4317 for gRPC and 4318 for HTTP.

Assuming that we have deployed the Instana Agent on a Ubuntu server, the steps provided here would enable the server also to listen to those ports through an Nginx reverse proxy configuration.

In this approach, I change also the Instana Agent port from 42699 to 42700.

Nginx Installation on a Ubuntu server and firewall configuration

  • Installation step
sudo apt-get update -y
sudo apt-get install nginx
# if firewall enabled on the server --- otherwise to be ignored
sudo ufw allow ssh
sudo ufw allow 'Nginx Full'
sudo ufw enable
  • Check if Nginx is running correctly
sudo systemctl status nginx
# if not running, make it run and enable it as a service on the server start
sudo systemctl start nginx
sudo systemctl enable nginx

Configuration of the reverse proxy

Disclaimer: This example is very basic and is focused on a) OpenTelemetry and b) Instana Agent configuration!

  • Go to /etc/nginx/sites-enabled
cd /etc/nginx/sites-enabled
  • Copy/paste and validate the following script (it makes a ‘default’ file)
cat <<'ENDOFFILE' >default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by oth
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;


# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name _;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

server {
access_log /var/log/nginx/access_42700.log;
error_log /var/log/nginx/error.log error;
listen 42700;
listen [::]:42700;
location / {
proxy_pass http://localhost:42699;
}
}
server {
access_log /var/log/nginx/access_42717.log;
error_log /var/log/nginx/error.log error;
listen 42717 http2 ;
location / {
grpc_pass 127.0.0.1:4317;
}
}
server {
access_log /var/log/nginx/access_42718.log;
error_log /var/log/nginx/error.log error;
listen 42718;
listen [::]:42718;
location / {
proxy_pass http://localhost:4318;
}
}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
ENDOFFILE
  • Now restart the Nginx service.
sudo service nginx restart 

There you go, all is good now!

Thanks for reading.

--

--

Alain Airom (Ayrom)
Alain Airom (Ayrom)

Written by Alain Airom (Ayrom)

IT guy for a long time, looking for technical challenges everyday!

No responses yet