Deploy OpenObserve binary behind Nginx on Ubuntu
Quickstart guide by OpenObserve.
🔗Installing OpenObserve
Download binary:
mkdir ~/openobserve && cd $_
curl -L https://raw.githubusercontent.com/openobserve/openobserve/main/download.sh | sh
chmod +x openobserve
Create Environment file
tee openobserve.env << 'EOF'
# Data directory for OpenObserve. This is crucial for local storage.
ZO_DATA_DIR="/home/ubuntu/openobserve/data"
# The port OpenObserve will listen on (default is 5080)
ZO_PORT=5080
# The root user email and password for initial login.
# CHANGE THESE TO SECURE VALUES!
ZO_ROOT_USER_EMAIL="admin@example.com"
ZO_ROOT_USER_PASSWORD="SecurePassword123"
ZO_META_STORE="sqlite"
ZO_WEB_URL="https://your-domain
# disabling OpenObserve's telemetry to their server
ZO_TELEMETRY=false
EOF
sudo chmod 600 openobserve.env
Creating systemd service
sudo tee /etc/systemd/system/openobserve.service << 'EOF'
[Unit]
Description=OpenObserve Observability Platform
After=network-online.target
Wants=network-online.target
[Service]
# Service type: 'simple' means the process will be the main process
Type=simple
User=ubuntu
Group=ubuntu
WorkingDirectory=/home/ubuntu/openobserve
EnvironmentFile=/home/ubuntu/openobserve/openobserve.env
ExecStart=/home/ubuntu/openobserve/openobserve
Restart=on-failure
RestartSec=5s
# Limit the number of open file descriptors, important for high-concurrency apps.
# Adjust as needed based on your expected load.
LimitNOFILE=65536
# Redirect standard output and error to systemd journal.
StandardOutput=journal
StandardError=journal
# How long to wait before forcefully terminating the service on stop.
TimeoutStopSec=30s
[Install]
# This unit should be enabled for multi-user systems.
# Allows it to start automatically on boot.
WantedBy=multi-user.target
EOF
Start service
# Reload systemd daemon to pick up the new service file
sudo systemctl daemon-reload
# Enable the service to start on boot
sudo systemctl enable openobserve
# Start the OpenObserve service
sudo systemctl start openobserve
Check the service status and logs
# Check service status
sudo systemctl status openobserve
# View logs
sudo journalctl -u openobserve -f
🔗Reverse Proxy - Nginx
Install Nginx
sudo apt -y install nginx
sudo tee /etc/nginx/sites-available/openobserve << 'EOF'
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80; # IPv4
listen [::]:80; # IPv6
server_name your-domain;
# Hide server information headers
server_tokens off;
# Enable gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1024; # Only gzip if size is at least 1KB
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# Proxy settings
location / {
include proxy_params;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_pass http://localhost:5080;
}
location /metrics {
# allow 192.168.1.100; # <--- REPLACE WITH YOUR MONITORING SERVER'S IP
deny all;
}
# Security headers
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
}
EOF
sudo ln -s /etc/nginx/sites-available/openobserve /etc/nginx/sites-enabled/
# test nginx conf
sudo nginx -t
sudo systemctl restart nginx
Afterwards, to gracefully restart nginx, do this:
sudo nginx -s reload # OR sudo systemctl reload nginx
🔗TLS Installation
sudo snap install core; sudo snap refresh core
sudo apt remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d your-domain