Grafana as virtual host with apache https redirect and not default port

Hi,
sorry for my poor english…

I’ve found some topics about the issue, but nothing was working :frowning:

I’ve some named based virtual host on my vserver with redirecting from http to https, based on letsencrypt. It’s working for the other domains very well.

What I want for my grafana installation:

  • redirect from http to https in apache configuration (it works)
  • grafana should not listen at default port 3000, but at individual port (maybe 3123).

My vhost configuration (works for http/https):
>
>
> ServerName wetter.domain.de
>
> Alias /.well-known/acme-challenge /var/www/dehydrated
> <Directory /var/www/dehydrated>
> Require all granted
>
>
> RewriteEngine On
> RewriteCond %{Request_URI} !^/.well-known/acme-challenge
> RewriteCond %{HTTPS} !=on
> RewriteRule ^(.*)$ https://wetter.domain.de/1 [R=301,L] > </VirtualHost> > > <VirtualHost wetter.domain.de:443> > ServerAdmin webmaster@domain.de > ServerName wetter.domain.de > ErrorLog "/var/log/apache2/fswetter-error.log" > CustomLog "/var/log/apache2/fswetter-access.log" common > > ProxyPreserveHost On > ProxyPass / http://127.0.0.1:3123/ > ProxyPassReverse / http://127.0.0.1:3123/ > # also tryed Proxy items with the domain name wetter.domain.de > > ### HSTS: > Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains" > ### CSP: > Header always set Content-Security-Policy "default-src 'self'" > ### X-Frame Options XFO: > Header always append X-Frame-Options SAMEORIGIN > Header edit Set-Cookie ^(.*) $1;HttpOnly;Secure
> Header set X-Content-Type-Options “nosniff”
>
> SSLEngine on
> SSLCertificateFile /etc/dehydrated/certs/wetter.domain.de/fullchain.pem
> SSLCertificateKeyFile /etc/dehydrated/certs/wetter.domain.de/privkey.pem
>

my grafana.ini (tested various versions…):

> [server]
> # Protocol (http, https, socket)
> protocol = http
> 
> # The ip address to bind to, empty will bind to all interfaces
> ;http_addr =
> 
> # The http port  to use
> http_port = 3123
> 
> # The public facing domain name used to access grafana from a browser
> ;domain = localhost
> ;domain = wetter.domain.de
> ; tryed localhost and real domain
> 
> # Redirect to correct domain if host header does not match domain
> # Prevents DNS rebinding attacks
> ;enforce_domain = false
> ; also tryed with true
> 
> root_url = http://wetter.domain.de:3123
> ; also tryed http://127.0.0.1:3123 and http://localhost:3123
> 
> # the path relative working path
> ;static_root_path = public

As you can see I’ve tryed diverse changes in grafana options, but I get always the same error:

Loading Grafana
If you’re seeing this Grafana has failed to load its application files

  1. This could be caused by your reverse proxy settings.
  2. If you host grafana under subpath make sure your grafana.ini root_url setting includes subpath
  3. If you have a local dev build make sure you build frontend using: yarn start, yarn start:hot, or yarn build
  4. Sometimes restarting grafana-server can help

The redirection to https in apache config is working well, the certificate is the right one for this vhost. So it must be wrong with the redirection to grafana.

Maybe someone has more suggestions?
Many thanks
Frank.

I hope I’m not wrong, but I think you have root_url configured in Grafana
you should have

root_url = https://wetter.domain.de

nope. same behavior like before :frowning:

sorry, but no configuration with https redirect works. So I’ve switched to normal http with proxypass to grafana port.

Thank you @ all
Frank