Configure ClickHouse


Follow the steps in this guide to update the nms.conf file if you used a custom address, username, or password or enabled TLS when installing ClickHouse. NGINX Management Suite requires this information to connect to ClickHouse.

Default ClickHouse Values

Unless specified differently in the nms.conf file, NGINX Management Suite uses the following values for ClickHouse by default:

Configuration Default Notes
clickhouse_address tcp://localhost:9000
clickhouse_tls_mode false
clickhouse_tls_address tcp://localhost:9440
clickhouse_skip_verify false clickhouse_skip_verify should be used only for self-signed certificates and is never recommended for production use. When set to true, certificates are not verified, which exposes the connection to man-in-the-middle attacks.
clickhouse_tls_ca_path /etc/ssl/certs/ca-certificates.crt The default value for clickhouse_tls_ca_path works out-of-the-box for Ubuntu and Debian. You’ll need to configure a different Certificate Authority for other distributions. Refer to your distribution’s documentation for additional information.

Use Custom Address, Username, Password

If your ClickHouse installation has a different address, username, or password than the default values, you need to configure NGINX Management Suite to connect to ClickHouse.

After installing Instance manager, take the following steps to set custom values for the ClickHouse address, username, and password:

  1. On the NGINX Management Suite server, open the /etc/nms/nms.conf file for editing.

  2. Change the following settings to match your ClickHouse configuration:

    clickhouse_address = tcp://localhost:9000
    clickhouse_username = <INSERT USERNAME HERE>
    clickhouse_password = <INSERT PASSWORD HERE>
  3. Save the changes and close the file

Configure TLS

If you configured ClickHouse to work with TLS, take the following steps to update the settings in the NGINX Management Suite nms.conf file:

  1. On the NGINX Management Suite server, open the /etc/nms/nms.conf file for editing.

  2. Set TLS mode to true.

    clickhouse_tls_mode = true
  3. Set clickhouse_tls_address to the IP address and port that ClickHouse listens on.

    clickhouse_tls_address = tcp://localhost:9440
  4. Specify the paths for the TLS private key and certificate.

    clickhouse_tls_key_path  = /path/to/client/key.key
    clickhouse_tls_cert_path = /path/to/client/cert.crt
  5. Configure the Certificate Authority (CA) for certificate verification.

    clickhouse_tls_ca_path = /etc/ssl/certs/ca-certificates.crt
  6. Save the changes and close the file.