Documentation

chronograf - Chronograf server

The chronograf daemon starts and manages all the processes associated with the Chronograf server and includes options that manage many aspects of Chronograf security.

Usage

chronograf [flags]

Flags

Chronograf server flags

FlagDescriptionEnv. Variable
--hostIP the Chronograf service listens on. By default, 0.0.0.0HOST
--portPort the Chronograf service listens on for insecure connections. By default, 8888PORT
-b--bolt-pathFile path to the BoltDB file. By default, ./chronograf-v1.dbBOLT_PATH
-c--canned-pathFile path to the directory of canned dashboard files. By default, /usr/share/chronograf/cannedCANNED_PATH
--resources-pathPath to directory of canned dashboards, sources, Kapacitor connections, and organizations. By default, /usr/share/chronograf/resourcesRESOURCES_PATH
-p--basepathURL path prefix under which all Chronograf routes will be mounted.BASE_PATH
--status-feed-urlURL of JSON feed to display as a news feed on the client status page. By default, https://www.influxdata.com/feed/jsonSTATUS_FEED_URL
-v--versionDisplays the version of the Chronograf service
-h--host-page-disabledDisables the hosts pageHOST_PAGE_DISABLED

InfluxDB connection flags

FlagDescriptionEnv. Variable
--influxdb-urlInfluxDB URL, including the protocol, IP address, and portINFLUXDB_URL
--influxdb-usernameInfluxDB usernameINFLUXDB_USERNAME
--influxdb-passwordInfluxDB passwordINFLUXDB_PASSWORD
--influxdb-orgInfluxDB 2.x or InfluxDB Cloud organization nameINFLUXDB_ORG
--influxdb-tokenInfluxDB 2.x or InfluxDB Cloud authentication tokenINFLUXDB_TOKEN

Kapacitor connection flags

FlagDescriptionEnv. Variable
--kapacitor-urlLocation of your Kapacitor instance, including http://, IP address, and portKAPACITOR_URL
--kapacitor-usernameUsername for your Kapacitor instanceKAPACITOR_USERNAME
--kapacitor-passwordPassword for your Kapacitor instanceKAPACITOR_PASSWORD

TLS (Transport Layer Security) flags

FlagDescriptionEnv. Variable
--certFile path to PEM-encoded public key certificateTLS_CERTIFICATE
--keyFile path to private key associated with given certificateTLS_PRIVATE_KEY
--tls-ciphersComma-separated list of supported cipher suites. Use help to print available ciphers.TLS_CIPHERS
--tls-min-versionMinimum version of the TLS protocol that will be negotiated. (default: 1.2)TLS_MIN_VERSION
--tls-max-versionMaximum version of the TLS protocol that will be negotiated.TLS_MAX_VERSION

Other server option flags

FlagDescriptionEnv. Variable
--custom-auto-refreshAdd custom auto-refresh options using semicolon-separated list of label=milliseconds pairsCUSTOM-AUTO-REFRESH
--custom-linkAdd a custom link to Chronograf user menu options using <display_name>:<link_address> syntax. For multiple custom links, include multiple flags.
-d--developRun the Chronograf service in developer mode
-h--helpDisplay command line help for Chronograf
-l--log-levelSet the logging level. Valid values include info (default), debug, and errorLOG_LEVEL
-r--reporting-disabledDisable reporting of usage statistics. Usage statistics reported once every 24 hours include: OS, arch, version, cluster_id, and uptime.REPORTING_DISABLED

Authentication option flags

General authentication flags

FlagDescriptionEnv. Variable
-t--token-secretSecret for signing tokensTOKEN_SECRET
--auth-durationTotal duration, in hours, of cookie life for authentication. Default value is 720h.AUTH_DURATION
--public-urlPublic URL required to access Chronograf using a web browser. For example, if you access Chronograf using the default URL, the public URL value would be http://localhost:8888. Required for Google OAuth 2.0 authentication. Used for Auth0 and some generic OAuth 2.0 authentication providers.PUBLIC_URL
—-htpasswdPath to password file for use with HTTP basic authentication. See NGINX documentation for more on password files.HTPASSWD

GitHub-specific OAuth 2.0 authentication flags

FlagDescriptionEnv. Variable
--github-urlGitHub base URL. Default is https://github.com. Required if using GitHub EnterpriseGH_URL
-i--github-client-idGitHub client ID value for OAuth 2.0 supportGH_CLIENT_ID
-s--github-client-secretGitHub client secret value for OAuth 2.0 supportGH_CLIENT_SECRET
-o--github-organizationRestricts authorization to users from specified GitHub organizations. To add more than one organization, add multiple flags. Optional.GH_ORGS

Google-specific OAuth 2.0 authentication flags

FlagDescriptionEnv. Variable
--google-client-idGoogle client ID value for OAuth 2.0 supportGOOGLE_CLIENT_ID
--google-client-secretGoogle client secret value for OAuth 2.0 supportGOOGLE_CLIENT_SECRET
--google-domainsRestricts authorization to users from specified Google email domain. To add more than one domain, add multiple flags. Optional.GOOGLE_DOMAINS

Auth0-specific OAuth 2.0 authentication flags

FlagDescriptionEnv. Variable
--auth0-domainSubdomain of your Auth0 client. Available on the configuration page for your Auth0 client.AUTH0_DOMAIN
--auth0-client-idAuth0 client ID value for OAuth 2.0 supportAUTH0_CLIENT_ID
--auth0-client-secretAuth0 client secret value for OAuth 2.0 supportAUTH0_CLIENT_SECRET
--auth0-organizationsRestricts authorization to users specified Auth0 organization. To add more than one organization, add multiple flags. Optional. Organizations are set using an organization key in the user’s app_metadata.AUTH0_ORGS

Heroku-specific OAuth 2.0 authentication flags

FlagDescriptionEnv. Variable
--heroku-client-idHeroku client ID value for OAuth 2.0 supportHEROKU_CLIENT_ID
--heroku-secretHeroku secret for OAuth 2.0 supportHEROKU_SECRET
--heroku-organizationRestricts authorization to users from specified Heroku organization. To add more than one organization, add multiple flags. Optional.HEROKU_ORGS

Generic OAuth 2.0 authentication flags

FlagDescriptionEnv. Variable
--generic-nameGeneric OAuth 2.0 name presented on the login pageGENERIC_NAME
--generic-client-idGeneric OAuth 2.0 client ID value. Can be used for a custom OAuth 2.0 service.GENERIC_CLIENT_ID
--generic-client-secretGeneric OAuth 2.0 client secret valueGENERIC_CLIENT_SECRET
--generic-scopesScopes requested by provider of web clientGENERIC_SCOPES
--generic-domainsEmail domain required for user email addressesGENERIC_DOMAINS
--generic-auth-urlAuthorization endpoint URL for the OAuth 2.0 providerGENERIC_AUTH_URL
--generic-token-urlToken endpoint URL for the OAuth 2.0 providerGENERIC_TOKEN_URL
--generic-api-urlURL that returns OpenID UserInfo-compatible informationGENERIC_API_URL
--oauth-no-pkceDisable OAuth PKCEOAUTH_NO_PKCE

etcd flags

FlagDescriptionEnv. Variable
-e--etcd-endpointsetcd endpoint URL (include multiple flags for multiple endpoints)ETCD_ENDPOINTS
--etcd-usernameetcd usernameETCD_USERNAME
--etcd-passwordetcd passwordETCD_PASSWORD
--etcd-dial-timeoutTotal time to wait before timing out while connecting to etcd endpoints (0 means no timeout, default: -1s)ETCD_DIAL_TIMEOUT
--etcd-request-timeoutTotal time to wait before timing out the etcd view or update (0 means no timeout, default: -1s)ETCD_REQUEST_TIMEOUT
--etcd-certPath to PEM-encoded TLS public key certificate for use with TLSETCD_CERTIFICATE
--etcd-keyPath to private key associated with given certificate for use with TLSETCD_PRIVATE_KEY
--etcd-root-caPath to root CA certificate for TLS verificationETCD-ROOT-CA

Was this page helpful?

Thank you for your feedback!


The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

InfluxDB v3 enhancements and InfluxDB Clustered is now generally available

New capabilities, including faster query performance and management tooling advance the InfluxDB v3 product line. InfluxDB Clustered is now generally available.

InfluxDB v3 performance and features

The InfluxDB v3 product line has seen significant enhancements in query performance and has made new management tooling available. These enhancements include an operational dashboard to monitor the health of your InfluxDB cluster, single sign-on (SSO) support in InfluxDB Cloud Dedicated, and new management APIs for tokens and databases.

Learn about the new v3 enhancements


InfluxDB Clustered general availability

InfluxDB Clustered is now generally available and gives you the power of InfluxDB v3 in your self-managed stack.

Talk to us about InfluxDB Clustered