Issues connecting to influxdb when using https

mingo · June 15, 2017, 12:39pm

Hello,

I have 2 servers:

server 1: on a private network (192.168.0.1), running influxdb
server 2: on a “Public” network (172.16.0.1 and 192.168.0.2) running Grafana

As you can imagine, server1 is not reachable directly from the 172.x.x.x network.

Basic configuration with http works. If I activate https on Grafana … I get the following error when I try to create InfluxDB as a Data source:

InfluxDB Error
[object Object]

No error appears in the logs (Grafana’s or InfuxDB’s).

I created the SSL keys as follows:

openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

And copied them to /etc/ssl/

It seems to me that when I activate https on Grafana only, it tries to use https to access InfluxDB. So I’ve tried activating SSL on InfluxDB and same thing, same error. My setup only works if https is NOT configured on Grafana. I’ve also tried using keys created as InfluxData recommends:

openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/domain.key -out /etc/ssl/domain.crt -days 365

Doesn’t matter, same error.

If I go to a dashboard, I get the question mark in the top left corner, I click it and an empty window opens with 4 tabs in which the “JS Error” tab just says:

InfluxDB Error: undefined

So, OS and other software versions:
server1: influxdb-1.2.4-1.x86_64, CentOS 7.3.1611, openssl-1.0.1e-60.el7_3.1.x86_64
server2: grafana-4.3.2-1.x86_64, CentOS 6.9, openssl-1.0.1e-57.el6.x86_64

Last test I ran was installing everything on server1, going to the Data Center, hooking up a KVM and running everything locally … same error.

Grafana’s config file:

[paths]
[server]
protocol = https
http_addr = 172.16.0.1
cert_file = /etc/ssl/domain.crt
cert_key = /etc/ssl/domain.key
[database]
[session]
[dataproxy]
[analytics]
reporting_enabled = false
check_for_updates = false
[security]
admin_user = admin
admin_password = secret
login_remember_days = 0
[snapshots]
[users]
allow_sign_up = false
allow_org_create = false
[auth]
[auth.anonymous]
[auth.github]
[auth.google]
[auth.generic_oauth]
[auth.grafana_com]
[auth.proxy]
[auth.basic]
[auth.ldap]
[smtp]
[emails]
[log]
mode = syslog console file
[log.console]
[log.file]
[log.syslog]

[event_publisher]
[dashboards.json]
[alerting]
[metrics]
[metrics.graphite]
[grafana_com]
[external_image_storage]
[external_image_storage.s3]
[external_image_storage.webdav]

InfluxDB config file:

reporting-disabled = true
hostname = “server.domain”
[meta]
dir = “/var/lib/influxdb/meta”
[data]
dir = “/var/lib/influxdb/data”
wal-dir = “/var/lib/influxdb/wal”
[coordinator]
[retention]
[shard-precreation]
[monitor]
[admin]
enabled = false
bind-address = “:8083”
[http]
bind-address = “192.168.0.1:8086”
auth-enabled = false
https-enabled = false
https-certificate = “/etc/ssl/domain.crt”
https-private-key = “/etc/ssl/domain.key”
[subscriber]
[[graphite]]
[[collectd]]
[[opentsdb]]
enabled = false
bind-address = “:4242”
database = “”
[[udp]]
[continuous_queries]

I’d really appreciate any ideas you can give me.

Thanks !!!

daniellee · June 16, 2017, 3:46pm

This is a bug in the error handler in Grafana that has been fixed in master. Which is a pity, it would have been helpful to see the real error.

Can you see any errors in the Chrome Developer Tools console or in the network tab?

martinosis · July 25, 2017, 11:07pm

I have got the same issue and here is the error that I got from the console:

Failed to load resource: net::ERR_INSECURE_RESPONSE

My guess is that the self signed certificates are not supported on Grafana.

daniellee · July 26, 2017, 10:15am

@martinosis do you mean a self-signed cert for the InfluxDB data source?

martinosis · July 26, 2017, 11:46am

Yes, in my case it’s different, I use Grafana locally on my computer and influxdb on à VPS. The indluxdb have the ssl option enabled with a self signed certificate. Is this setup supported on Grafana? I don’t see the option for self-signed ssl certificate.

deff · August 17, 2017, 9:26am

Hi there, i have the same problem.
here is the response to the query in the console log : boot.5ee7468a.js:42 net::ERR_INSECURE_RESPONSE

daniellee · August 21, 2017, 4:02pm

I don’t think Grafana currently allows this. We would have to add a setting to allow “InsecureSkipVerify” (the go http setting for not checking self-signed certs). Something like the SSL mode setting for when connecting to mysql or postgres.

oscar · October 21, 2017, 4:37pm

Hi,

I’m experiencing the same issue… have you added this “flag” ?

Thanks a lot!

daniellee · October 23, 2017, 7:27am

Yes, it will be in the next release of Grafana (which will probably be released later today) - see all the PR’s from Matt Bostock in 4.6 beta: https://github.com/grafana/grafana/blob/master/CHANGELOG.md#460-beta1-2017-10-13

oneofthemany · June 17, 2021, 10:44am

unsure if this is still a live issue, but within the influx config file you have the following

https-enabled = false

should this not be:

https-enabled = true