Grafana with SSL and Apache reverse proxy continuously redirects

Grafana Configuration
1

I am attempting to move my Grafana install from a non-SSL to SSL link. It sits behind an Apache reverse proxy and worked fine before I tried to set up SSL.

I have seen many tutorials that look like this one, which is what I have done.

My Apache config looks like this (with the domain name changed to example.com)

    ServerAdmin nermel@example.com
    ServerName grafana.example.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]

    ErrorLog /var/log/apache2/grafana.example.com-error_log
    CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>

<VirtualHost *:443>
    ServerName grafana.example.com
    ServerSignature Off

    SSLEngine on
    SSLCertificateFile /opt/repos/dehydrated/certs/grafana.example.com/cert.pem
    SSLCertificateKeyFile /opt/repos/dehydrated/certs/grafana.example.com/privkey.pem
    SSLCertificateChainFile /opt/repos/dehydrated/certs/grafana.example.com/chain.pem
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:3000/
    ProxyPassReverse / http://0.0.0.0:3000/

    ErrorLog /var/log/apache2/grafana.example.com-error_log
    CustomLog /var/log/apache2/grafana.example.com-access_log common

 </VirtualHost>

In my grafana.ini I’ve only changed the following. Everything else is still commented out and using defaults:

domain = grafana.example.com
root_url = https://grafana.example.com

I have no errors in my grafana.log file and it starts up as expected. It ends with

t=2019-05-30T14:51:31-0500 lvl=info msg="HTTP Server Listen" logger=http.server address=0.0.0.0:3000 protocol=http subUrl= socket=

My DNS entries and SSL certificates are correctly installed.

If I visit the full URL (grafana.example.com) Apache performs a ton of redirects and then the request fails with Chrome reporting that to many redirects have occurred. My access log looks like this (with the IPs scrubbed)

162.158.xxx.xxx - - [30/May/2019:14:51:57 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:57 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 581
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:58 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580
162.158.xxx.xxx - - [30/May/2019:14:51:59 -0500] "GET /?orgId=1 HTTP/1.1" 302 580

There are no errors in my apache error log.

Prior to trying to move to SSL, my virtual host looked like this and worked as expected:

<VirtualHost *:80>
    ServerAdmin nermel@example.com
    ServerName grafana.example.com
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:3000/
    ProxyPassReverse / http://0.0.0.0:3000/


    ErrorLog /var/log/apache2/grafana.example.com-error_log
    CustomLog /var/log/apache2/grafana.example.com-access_log common
</VirtualHost>

What do I need to do so that I can use Apache as a reverse proxy and use SSL to connect to Grafana?