I’m finishing a configuration for SSL certs in order to grafana uses TLS/SSL, and I got the following error on an attempt to start the service via systemctl
grafana-server: logger=server t=2022-11-18T21:44:04.365832806-03:00 level=error msg=“Server shutdown” error=“*api.HTTPServer run error: open /etc/ssl/private/indexer-key.pem: permission denied”
It is requested to me uses the follwoing configuration at grafana.ini:
protocol = https http_port = 3000 domain = grafana.job-GT62VR-7RE root_url = %(protocol)s://%(domain)s/ cert_file = /etc/ssl/certs/root-ca.pem cert_key = /etc/ssl/private/admin-key.pem
Checking for some solutions, I’ve validate the user and group for these files, and granted more permissions, see below:
-r--r--r-- 1 wazuh-indexer wazuh-indexer 1,2K nov 16 11:58 root-ca.pem (works even without group grafana) -rwxrwxrwx 1 root grafana 1,7K nov 16 11:58 admin-key.pem (even with chmod 777, files is not readable)
Let me paste a complete message as picture below:
Please, someone can help me to overcome this situation ?
with chmod 644 (-rw-r–r–) not works
Also, I’ve create a key for these service, as a test, like below, and didn’t work, following the procedure from this site:
Which ask us to generate key and crt file with openssl
openssl genrsa -out grafana.key 2048
openssl req -new -key grafana.key -out grafana.csr
see that not worked:
I’ve just make this test with new certs, but my intent is to uses the already created and used by wazuh and graylog dashborads with no problem, just grafana cannot reads the file.
Thank you for you attention and help,