cloudrocket https://www.cloudrocket.at/ Recent content on cloudrocket Hugo -- gohugo.io en-us Sat, 02 Jan 2021 21:27:01 +0100 Deploy an self hosted mail server with poste.io & nginx proxy https://www.cloudrocket.at/posts/self-hosted-mail-server-with-poste.io-and-nginx/ Sat, 02 Jan 2021 21:27:01 +0100 https://www.cloudrocket.at/posts/self-hosted-mail-server-with-poste.io-and-nginx/ <h1 id="about">about</h1> <p><a href="https://poste.io/">poste.io</a> is an fully featured self hosted email server which you can deploy in few minutes (nearly). There&rsquo;s no magic rocket science in a black box, poste.io consists of bullet proof resilient <a href="https://poste.io/doc/mailserver-parts">parts</a></p> <h1 id="basic-setup">basic setup</h1> <p>To easily deploy the mail server follow the documentation on the <a href="https://poste.io/doc/getting-started">getting-started</a> page or use an <a href="https://gist.github.com/analogic/51fbe91b580d7913b72320f89bf994cc">docker-compose</a> template.</p> <h2 id="before-you-start">before you start</h2> <p>check that the following <a href="https://poste.io/doc/configuring-dns">DNS dependencies</a> are met:</p> <ul> <li><input checked="" disabled="" type="checkbox"> A &amp; CNAME records for mail server - e.g. <code>mail.yourdomain.com</code></li> <li><input checked="" disabled="" type="checkbox"> MX record for mail server</li> <li><input checked="" disabled="" type="checkbox"> <a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework">TXT-SPF record for mail server</a> - e.g. <code>v=spf1 mx ip4:YOUR_EXT_SERVER_IP -all</code>. You can test it with an <a href="https://poste.io/spf">SPF-Tester</a></li> <li><input checked="" disabled="" type="checkbox"> <a href="https://en.wikipedia.org/wiki/DMARC">TXT-DMARC record for mail server</a> - e.g. <code>v=DMARC1; p=none; rua=mailto:admin@YOUR_DOMAIN.COM; ruf=mailto:admin@YOUR_DOMAIN.COM</code>. You can test it with an <a href="https://poste.io/dmarc">DMARC-Tester</a></li> </ul> <h2 id="the-config">the config</h2> <p>If you start with the <a href="https://gist.github.com/analogic/51fbe91b580d7913b72320f89bf994cc">gist-config</a> maybe you stuck with the same problem like me. I&rsquo;m using an <a href="https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion">&ldquo;frontend&rdquo; nginx TLS proxy</a> which handles the letsencrypt certificates in another docker container. So i set up poste.io with external docker bridges <a href="https://poste.io/doc/network-schemes"><img src="https://www.cloudrocket.at/images/2021/poste_network.png" alt="Poste networks" title="Poste.io docker networks"></a></p> <h2 id="the-tls-termination-problem">the tls termination &ldquo;problem&rdquo;</h2> <p>At the first try poste.io started up &amp; the proxy container requests the new letsencrypt certs &amp; the https login to the mailserver worked out of the box. The problem was that i forgot to link the certs from the proxy to the mail server. So the other TLS ports stucks with an default self signed cert.</p> <p><img src="https://www.cloudrocket.at/images/2021/poste_ports.png" alt="TLS ports" title="Poste.io TLS without valid cert on first try"></p> <p>To link the certs from the proxy to poste.io attach the following lines to your docker-compose.yml:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">... volumes: - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/key.pem:/data/ssl/server.key:ro - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/fullchain.pem:/data/ssl/ca.crt:ro - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/cert.pem:/data/ssl/server.crt:ro ... </code></pre></div><h2 id="the-final-config">the final config</h2> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">version: <span style="color:#e6db74">&#39;3&#39;</span> services: mailserver: image: analogic/poste.io:2 <span style="color:#75715e"># container_name: mailserver</span> restart: unless-stopped ports: - <span style="color:#e6db74">&#34;25:25&#34;</span> - <span style="color:#e6db74">&#34;110:110&#34;</span> - <span style="color:#e6db74">&#34;143:143&#34;</span> - <span style="color:#e6db74">&#34;465:465&#34;</span> - <span style="color:#e6db74">&#34;587:587&#34;</span> - <span style="color:#e6db74">&#34;993:993&#34;</span> - <span style="color:#e6db74">&#34;995:995&#34;</span> <span style="color:#75715e"># - &#34;4190:4190&#34;</span> environment: - HTTPS<span style="color:#f92672">=</span>OFF - LETSENCRYPT_EMAIL<span style="color:#f92672">=</span>admin@YOUR_DOMAIN.com - LETSENCRYPT_HOST<span style="color:#f92672">=</span>mail.YOUR_DOMAIN.com - VIRTUAL_HOST<span style="color:#f92672">=</span>mail.YOUR_DOMAIN.com volumes: - /etc/localtime:/etc/localtime:ro - ./data:/data - NGINX_PROXY_PATH/ssl/html/.well-known:/opt/www/.well-known:ro - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/key.pem:/data/ssl/server.key:ro - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/fullchain.pem:/data/ssl/ca.crt:ro - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/cert.pem:/data/ssl/server.crt:ro networks: - frontend - default networks: frontend: external: name: frontend_proxy </code></pre></div><p>With this config the valid certs get linked from the nginx proxy to the mail server (which is pretty useful if you want to offer some TLS services).</p> <h2 id="do-some-testing">do some testing</h2> <p>If you now fire up the compose file, the TLS ports should be reached externaly with the valid TLS certs:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#75715e"># do some testing</span> HOST<span style="color:#f92672">=</span>mail.YOUR_DOMAIN.com <span style="color:#75715e"># test the SMTP port 587 with STARTTLS</span> echo | openssl s_client -servername $HOST -connect $HOST:587 -starttls smtp 2&gt;/dev/null | openssl x509 -noout -issuer -subject -dates <span style="color:#75715e"># test the SMTPS, IMAPS &amp; POP3S ports</span> <span style="color:#66d9ef">for</span> PORT in <span style="color:#ae81ff">465</span> <span style="color:#ae81ff">993</span> 995; <span style="color:#66d9ef">do</span> echo | openssl s_client -servername $HOST -connect $HOST:$PORT 2&gt;/dev/null | openssl x509 -noout -issuer -subject -dates; <span style="color:#66d9ef">done</span> </code></pre></div><h1 id="security-recommendations">security recommendations</h1> <h2 id="optional-set-minimum-tls-12-for-clients">(optional) set minimum TLS 1.2 for clients</h2> <p>If you use only <em>modern</em> clients you safely can force TLS 1.2 as minimum for clients</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">docker exec -it CONTAINER_NAME bash sed -i <span style="color:#e6db74">&#39;s#inbound_min_version\ =\ &#34;&#34;#inbound_min_version\ =\ TLSv1.2#g&#39;</span> /data/server.ini sed -i <span style="color:#e6db74">&#39;s#inbound_ciphers\ =\ &#34;&#34;#inbound_ciphers\ =\ ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384#g&#39;</span> /data/server.ini exit docker restart CONTAINER_NAME </code></pre></div><h2 id="optional-configure-dkim-keys">(optional) configure DKIM keys</h2> <p>DKIM keys will increase security &amp; avoid spamming. To enable DKIM keys got to &ldquo;Virtual domains → your-domain.com&rdquo; &amp; click on create keys. This will auto generate your private keys and your DNS TXT public key entry which should look like this:</p> <pre><code>_sYEARMMDD000._domainkey.your-domain.com IN TXT &quot;k=rsa;p=...... </code></pre><p><img src="https://www.cloudrocket.at/images/2021/poste_dkim.png" alt="DKIM" title="configure DKIM keys"></p> <p>Add an appropriate TXT entry to your DNS config &amp; test it with an <a href="https://poste.io/dkim?cloudrocket.at&amp;s20210103707">DKIM-Tester</a>. You also can trigger an full test with test emails =&gt; <a href="https://www.appmaildev.com/de/dkim">https://www.appmaildev.com/de/dkim</a></p> <h1 id="enjoy">enjoy</h1> <p><img src="https://media.giphy.com/media/yidUzHnBk32Um9aMMw/giphy.gif" alt="soo amazing fast" title="soo amazing fast"></p> Monitor OpenWrt nodes with Prometheus https://www.cloudrocket.at/posts/monitor-openwrt-nodes-with-prometheus/ Mon, 28 Dec 2020 21:40:49 +0100 https://www.cloudrocket.at/posts/monitor-openwrt-nodes-with-prometheus/ <h1 id="motivation">motivation</h1> <p>I&rsquo;am using OpenWrt for a long time and monitoring of them was always a little bit tricky. It&rsquo;s getting more complex if you&rsquo;re going to use more access points. It&rsquo;s an no brainer since the <a href="https://openwrt.org/packages/table/start?dataflt%5BName_pkg-dependencies*~%5D=prometheus-node">prometheus-node-exporter</a> scripts exist.</p> <h1 id="openwrt-setup">openwrt setup</h1> <h2 id="install-scripts">install scripts</h2> <p>You should start with an up to date OpenWrt router. Install the prometheus node exporter scripts:</p> <ul> <li>prometheus-node-exporter-lua</li> <li>prometheus-node-exporter-lua-nat_traffic</li> <li>prometheus-node-exporter-lua-netstat</li> <li>prometheus-node-exporter-lua-openwrt</li> <li>prometheus-node-exporter-lua-wifi</li> <li>prometheus-node-exporter-lua-wifi_stations</li> </ul> <p><a href="https://openwrt.org/packages/table/start?dataflt%5BName_pkg-dependencies*~%5D=prometheus-node"><img src="https://www.cloudrocket.at/images/2020/openwrt_prometheus_node_pkgs.png" alt="packages" title="OpenWrt Package list"></a></p> <h2 id="change-listening-interface">change listening interface</h2> <p>If you use the default config, the node exporter can only be queried from the loopback interface.</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">root@OpenWrt:/etc/config# cat prometheus-node-exporter-lua config prometheus-node-exporter-lua <span style="color:#e6db74">&#39;main&#39;</span> option listen_interface <span style="color:#e6db74">&#39;loopback&#39;</span> option listen_ipv6 <span style="color:#e6db74">&#39;0&#39;</span> option listen_port <span style="color:#e6db74">&#39;9100&#39;</span> </code></pre></div><p>For my setup i&rsquo;ll change it to the lan network interface:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">root@OpenWrt:/etc/config# sed -i.bak <span style="color:#e6db74">&#39;s#loopback#lan#g&#39;</span> /etc/config/prometheus-node-exporter-lua </code></pre></div><p>&amp; restart the exporter</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">root@OpenWrt:/etc/config# /etc/init.d/prometheus-node-exporter-lua restart </code></pre></div><h2 id="optional-check">(optional) check</h2> <h4 id="--running-exporter-interface">- running exporter interface</h4> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">root@OpenWrt:/etc/config# netstat -tulpn | grep <span style="color:#ae81ff">9100</span> tcp <span style="color:#ae81ff">0</span> <span style="color:#ae81ff">0</span> YOUR_ROUTER_IP:9100 0.0.0.0:* LISTEN 3469/lua </code></pre></div><h4 id="--running-exporter-config">- running exporter config</h4> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">root@OpenWrt:/etc/config# ps | grep prometheus <span style="color:#ae81ff">3469</span> root <span style="color:#ae81ff">1920</span> S <span style="color:#f92672">{</span>prometheus-node<span style="color:#f92672">}</span> /usr/bin/lua /usr/bin/prometheus-node-exporter-lua --bind YOUR_ROUTER_IP --port <span style="color:#ae81ff">9100</span> </code></pre></div><h4 id="--open-port-from-host-in-lan">- open port from host in lan</h4> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>user@HOST-IN-LAN ~<span style="color:#f92672">]</span>$ nmap YOUR_ROUTER_IP -p <span style="color:#ae81ff">9100</span> 9100/tcp open jetdirect </code></pre></div><h4 id="--metrics-from-host-in-lan">- metrics from host in lan</h4> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>user@HOST-IN-LAN ~<span style="color:#f92672">]</span>$ curl YOUR_ROUTER_IP:9100/metrics </code></pre></div><p>&amp; you should see a lot of metrics here &hellip;</p> <h1 id="optional-prometheus-setup">(optional) prometheus setup</h1> <p>You&rsquo;re now ready to setup up Prometheus. If you already have an instance, you just need to add the <a href="https://www.cloudrocket.at/posts/monitor-openwrt-nodes-with-prometheus/#prometheus-config">scrape_config</a> . If you haven&rsquo;t one, no problem =&gt;</p> <h2 id="startup-new-instance">startup new instance</h2> <p>If your&rsquo;re familiar with docker &amp; compose you can simply start up new prometheus/grafana instances. <strong>Use this config only for temporary usage</strong>:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#f92672">version</span>: <span style="color:#e6db74">&#39;2.1&#39;</span> <span style="color:#f92672">networks</span>: <span style="color:#f92672">monitor-net</span>: <span style="color:#f92672">driver</span>: <span style="color:#ae81ff">bridge</span> <span style="color:#f92672">volumes</span>: <span style="color:#f92672">prometheus_data</span>: {} <span style="color:#f92672">grafana_data</span>: {} <span style="color:#f92672">services</span>: <span style="color:#f92672">prometheus</span>: <span style="color:#f92672">image</span>: <span style="color:#ae81ff">prom/prometheus:v2.23.0</span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">prometheus</span> <span style="color:#f92672">volumes</span>: - <span style="color:#ae81ff">./prometheus:/etc/prometheus</span> - <span style="color:#ae81ff">prometheus_data:/prometheus</span> <span style="color:#f92672">command</span>: - <span style="color:#e6db74">&#39;--config.file=/etc/prometheus/prometheus.yml&#39;</span> - <span style="color:#e6db74">&#39;--storage.tsdb.path=/prometheus&#39;</span> - <span style="color:#e6db74">&#39;--web.console.libraries=/etc/prometheus/console_libraries&#39;</span> - <span style="color:#e6db74">&#39;--web.console.templates=/etc/prometheus/consoles&#39;</span> - <span style="color:#e6db74">&#39;--storage.tsdb.retention.time=200h&#39;</span> - <span style="color:#e6db74">&#39;--web.enable-lifecycle&#39;</span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> <span style="color:#f92672">expose</span>: - <span style="color:#ae81ff">9090</span> <span style="color:#f92672">ports</span>: - <span style="color:#ae81ff">9090</span>:<span style="color:#ae81ff">9090</span> <span style="color:#f92672">networks</span>: - <span style="color:#ae81ff">monitor-net</span> <span style="color:#f92672">labels</span>: <span style="color:#f92672">org.label-schema.group</span>: <span style="color:#e6db74">&#34;monitoring&#34;</span> <span style="color:#f92672">grafana</span>: <span style="color:#f92672">image</span>: <span style="color:#ae81ff">grafana/grafana:7.3.6</span> <span style="color:#f92672">container_name</span>: <span style="color:#ae81ff">grafana</span> <span style="color:#f92672">volumes</span>: - <span style="color:#ae81ff">grafana_data:/var/lib/grafana</span> - <span style="color:#ae81ff">./grafana/provisioning:/etc/grafana/provisioning</span> <span style="color:#f92672">environment</span>: - <span style="color:#ae81ff">GF_SECURITY_ADMIN_USER=${ADMIN_USER:-admin}</span> - <span style="color:#ae81ff">GF_SECURITY_ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}</span> - <span style="color:#ae81ff">GF_USERS_ALLOW_SIGN_UP=false</span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> <span style="color:#f92672">expose</span>: - <span style="color:#ae81ff">3000</span> <span style="color:#f92672">ports</span>: - <span style="color:#ae81ff">3000</span>:<span style="color:#ae81ff">3000</span> <span style="color:#f92672">networks</span>: - <span style="color:#ae81ff">monitor-net</span> <span style="color:#f92672">labels</span>: <span style="color:#f92672">org.label-schema.group</span>: <span style="color:#e6db74">&#34;monitoring&#34;</span> </code></pre></div><p>This is an trimmed down &amp; modified version from <a href="https://raw.githubusercontent.com/stefanprodan/dockprom/master/docker-compose.yml">stefanprodan</a></p> <h2 id="prometheus-config">prometheus config</h2> <p>Before you spin up prometheus you have to change/add the config. Replace YOUR_ROUTER_IP:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>user@HOST-IN-LAN ~<span style="color:#f92672">]</span>$ vi prometheus/prometheus.yml </code></pre></div><div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#f92672">global</span>: <span style="color:#f92672">scrape_interval</span>: <span style="color:#ae81ff">15s</span> <span style="color:#f92672">evaluation_interval</span>: <span style="color:#ae81ff">15s</span> <span style="color:#75715e"># Attach these labels to any time series or alerts when communicating with</span> <span style="color:#75715e"># external systems (federation, remote storage, Alertmanager).</span> <span style="color:#f92672">external_labels</span>: <span style="color:#f92672">monitor</span>: <span style="color:#e6db74">&#39;docker-host-alpha&#39;</span> <span style="color:#75715e"># Load and evaluate rules in this file every &#39;evaluation_interval&#39; seconds.</span> <span style="color:#f92672">rule_files</span>: - <span style="color:#e6db74">&#34;alert.rules&#34;</span> <span style="color:#75715e"># A scrape configuration containing exactly one endpoint to scrape.</span> <span style="color:#f92672">scrape_configs</span>: - <span style="color:#f92672">job_name</span>: <span style="color:#e6db74">&#39;openwrt-router1&#39;</span> <span style="color:#f92672">scrape_interval</span>: <span style="color:#ae81ff">5s</span> <span style="color:#f92672">static_configs</span>: - <span style="color:#f92672">targets</span>: [<span style="color:#e6db74">&#39;YOUR_ROUTER_IP:9100&#39;</span>] </code></pre></div><p>Your directory structure should be similar like this:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>user@HOST-IN-LAN dockprom<span style="color:#f92672">]</span>$ tree . ├── docker-compose.yml ├── grafana │   └── provisioning └── prometheus └── prometheus.yml </code></pre></div><h2 id="start-containers">start containers</h2> <p>Now start the docker containers in detached mode:</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>user@HOST-IN-LAN dockprom<span style="color:#f92672">]</span>$ docker-compose up -d </code></pre></div><p>After the images was pulled they should be started after a few seconds</p> <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>user@HOST-IN-LAN dockprom<span style="color:#f92672">]</span>$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ea8419f267e5 prom/prometheus:v2.23.0 <span style="color:#e6db74">&#34;/bin/prometheus --c…&#34;</span> <span style="color:#ae81ff">3</span> hours ago Up <span style="color:#ae81ff">3</span> hours 0.0.0.0:9090-&gt;9090/tcp prometheus f17822ba6bcf grafana/grafana:7.3.6 <span style="color:#e6db74">&#34;/run.sh&#34;</span> <span style="color:#ae81ff">3</span> hours ago Up <span style="color:#ae81ff">3</span> hours 0.0.0.0:3000-&gt;3000/tcp grafana </code></pre></div><p>Open the grafana dashboard in your browser =&gt; <a href="http://localhost:3000">http://localhost:3000</a>. The default credentials are admin / admin. You&rsquo;re prompted to change it.</p> <h1 id="configure-grafana">configure grafana</h1> <h2 id="add-prometheus-datasource">add prometheus datasource</h2> <p>Now add the new Prometheus instance as datasource to grafana. Go to <a href="http://localhost:3000/datasources/new">Configuration/Datasources</a>, select the prometheus datasource &amp; configure the URL. We can use the docker container name here because we are in the same docker network. If your run another setup, add here the ip of your main Prometheus server:</p> <p><img src="https://www.cloudrocket.at/images/2020/openwrt_grafana_datasource.png" alt="Datasource" title="Prometheus datasource in Grafana"></p> <h2 id="add-openwrt-dashboard">add OpenWrt dashboard</h2> <p>Now you can <a href="http://localhost:3000/dashboard/import">import the dashboard</a>. You can use my <a href="https://grafana.com/grafana/dashboards/11147">Grafana dashboard for OpenWrt (11147)</a>.</p> <p><a href="https://grafana.com/grafana/dashboards/11147"><img src="https://www.cloudrocket.at/images/2020/openwrt_grafana_dash1.png" alt="Grafana dashboard" title="Grafana dashboard"></a></p> <p>Select the newly created Prometheus datasource.</p> <p><img src="https://www.cloudrocket.at/images/2020/openwrt_grafana_dash2.png" alt="Grafana dashboard" title="Grafana dashboard"></p> <h1 id="watch-the-magic">watch the magic</h1> <p><a href="http://localhost:3000/d/fLi0yXAWk/openwrt?orgId=1&amp;refresh=30s"><img src="https://www.cloudrocket.at/images/2020/openwrt_magic.gif" alt="Magic" title="It's magic"></a></p>