Grafana https configuration


#1

Hi everyone! I’m struggling to configure Grafana to work via https. I have certificates generated by Let’s Encrypt, and grafana.ini configured like this:

```ini
[server]
# Protocol (http or https)
protocol = https

# The ip address to bind to, empty will bind to all interfaces
;http_addr =

# The http port to use
http_port = 3000

# The public facing domain name used to access grafana from a browser
domain = localhost

# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
enforce_domain = false

# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = http://localhost:3000

# Log web requests
router_logging = false

# the path relative working path
static_root_path = public

# enable gzip
enable_gzip = false

# https certs & key file
cert_file = /etc/letsencrypt/live/mysite/fullchain.pem
cert_key = /etc/letsencrypt/live/mysite/privkey.pem
```

My openHAB is running on port 443, so the question is: is it possible to run both Grafana and openHAB on https?


#2

You can run https on any port.

```
root_url = http://localhost:3000
```
This should be the URL you want to use in the browser, so https://my_certified_domain:3000 (if you want to use port 3000 for https).

#3

This config leads to an error: grafana-server is failing to start.

    [server]
    # Protocol (http or https)
    protocol = https

    # The ip address to bind to, empty will bind to all interfaces
    ;http_addr =

    # The http port  to use
    #http_port = 3000

    # The public facing domain name used to access grafana from a browser
    #domain = localhost

    # Redirect to correct domain if host header does not match domain
    # Prevents DNS rebinding attacks
    #enforce_domain = false

    # The full public facing url you use in browser, used for redirects and emails
    # If you use reverse proxy and sub path specify full url (with sub path)
    root_url = https://localhost:3000

    # Log web requests
    #router_logging = false

    # the path relative working path
    #static_root_path = public

    # enable gzip
    #enable_gzip = false

    # https certs & key file
    cert_file = /etc/letsencrypt/live/mysite/fullchain.pem
    cert_key = /etc/letsencrypt/live/mysite/privkey.pem

Is there someone who has done this kind of thing?

UPD: in the Grafana log file I found:

```
t=2017-04-13T14:48:42+0000 lvl=info msg="Initializing HTTP Server" logger=http.server address=0.0.0.0:3000 protocol=https subUrl=
t=2017-04-13T14:48:42+0000 lvl=eror msg="Fail to start server" logger=server error="open /etc/letsencrypt/live/mysite/fullchain.pem: permission denied"
t=2017-04-13T14:48:42+0000 lvl=info msg="Shutdown started" logger=server code=1 reason="Startup failed"
```

And that is weird, because:

```
root@server:~# stat /etc/letsencrypt/live/mysite/fullchain.pem
  File: ‘/etc/letsencrypt/live/mysite/fullchain.pem’ -> ‘../../archive/mysite/fullchain1.pem’
  Size: 48              Blocks: 0          IO Block: 4096   symbolic link
Device: b302h/45826d    Inode: 517147      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-04-10 11:38:32.720709836 +0000
Modify: 2017-04-10 11:38:32.720709836 +0000
Change: 2017-04-10 11:38:32.720709836 +0000
 Birth: -
```

#4

Seems there is a permission problem


#5

The problem was solved by placing the certificate key file in the Grafana folder /etc/grafana/


#6

Can someone help me with configuring https for Grafana? I am running Grafana as a Windows service on my localhost.


#7

How do I solve this permission error? Please help.

Placing the cert file in /etc/grafana is not a solution.

The solution that worked for me is to copy the cert and private key to some other location (like /opt or something) and mention the same path in grafana.ini.
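
An added example, not part of any post in this thread: the `stat` output in post #3 shows only the symlink's own mode, which says nothing about the directories on the way to it or about the file it points to, so this script checks each of those for one service account. It assumes GNU `stat`/`readlink` and models only classic mode bits; the account name `grafana` in the usage comment is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Audits each directory on the way to a
# certificate file, and the file itself, for one non-root service account.
# Assumptions: GNU stat/readlink; only classic mode bits are modelled
# (no ACLs, capabilities, SELinux/AppArmor).

# can_access BIT PATH UID "GIDS": BIT 4 = read, 1 = search (x on a directory)
can_access() {
    local bit="$1" path="$2" uid="$3" gids="$4" info mode class
    info=$(stat -L -c '%a %u %g' "$path") || return 2
    set -- $info                          # $1=octal mode $2=owner $3=group
    mode=$(( 0$1 ))
    if [ "$uid" -eq "$2" ]; then class=$(( (mode >> 6) & 7 ))   # owner bits
    else case " $gids " in
        *" $3 "*) class=$(( (mode >> 3) & 7 )) ;;              # group bits
        *)        class=$(( mode & 7 )) ;;                     # other bits
    esac; fi
    [ $(( class & bit )) -ne 0 ]
}

# ancestors DIR: print / ... DIR, one per line, top-down
ancestors() {
    local d="$1"
    [ "$d" = / ] || [ "$d" = . ] || ancestors "$(dirname "$d")"
    printf '%s\n' "$d"
}

# audit_path FILE UID "GIDS": one "ok|DENIED search|read PATH" line per check.
# Walks the path as written (where the symlink lives) and the resolved target.
audit_path() {
    local file="$1" uid="$2" gids="$3" target d
    target=$(readlink -f "$file") || return 2
    { ancestors "$(dirname "$file")"; ancestors "$(dirname "$target")"; } | sort -u |
    while IFS= read -r d; do
        if can_access 1 "$d" "$uid" "$gids"; then echo "ok search $d"
        else echo "DENIED search $d"; fi
    done
    if can_access 4 "$target" "$uid" "$gids"; then echo "ok read $target"
    else echo "DENIED read $target"; fi
}

# Usage on the thread's paths, run as root (account name is an assumption):
#   audit_path /etc/letsencrypt/live/mysite/fullchain.pem \
#       "$(id -u grafana)" "$(id -G grafana)"
```

Any `DENIED` line names the component to fix; granting the service account group access to that component keeps the private key out of world-readable locations.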


#8

Do you need help? It sounds like you have already figured this out?


#9

Thanks for the reply.

But I have solved the issue.

Thanks again.