Issues connecting to influxdb when using https

Hello,

I have 2 servers:

  • server 1: on a private network (192.168.0.1), running influxdb
  • server 2: on a “Public” network (172.16.0.1 and 192.168.0.2) running Grafana

As you can imagine, server1 is not reachable directly from the 172.x.x.x network.

Basic configuration with http works. If I activate https on Grafana … I get the following error when I try to create InfluxDB as a Data source:

InfluxDB Error
[object Object]

No error appears in the logs (Grafana’s or InfuxDB’s).

I created the SSL keys as follows:

openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt

And copied them to /etc/ssl/

It seems to me that when I activate https on Grafana only, it tries to use https to access InfluxDB. So I’ve tried activating SSL on InfluxDB and same thing, same error. My setup only works if https is NOT configured on Grafana. I’ve also tried using keys created as InfluxData recommends:

openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/domain.key -out /etc/ssl/domain.crt -days 365

Doesn’t matter, same error.

If I go to a dashboard, I get the question mark in the top left corner, I click it and an empty window opens with 4 tabs in which the “JS Error” tab just says:

InfluxDB Error: undefined

So, OS and other software versions:
server1: influxdb-1.2.4-1.x86_64, CentOS 7.3.1611, openssl-1.0.1e-60.el7_3.1.x86_64
server2: grafana-4.3.2-1.x86_64, CentOS 6.9, openssl-1.0.1e-57.el6.x86_64

Last test I ran was installing everything on server1, going to the Data Center, hooking up a KVM and running everything locally … same error.

Grafana’s config file:

[paths]
[server]
protocol = https
http_addr = 172.16.0.1
cert_file = /etc/ssl/domain.crt
cert_key = /etc/ssl/domain.key
[database]
[session]
[dataproxy]
[analytics]
reporting_enabled = false
check_for_updates = false
[security]
admin_user = admin
admin_password = secret
login_remember_days = 0
[snapshots]
[users]
allow_sign_up = false
allow_org_create = false
[auth]
[auth.anonymous]
[auth.github]
[auth.google]
[auth.generic_oauth]
[auth.grafana_com]
[auth.proxy]
[auth.basic]
[auth.ldap]
[smtp]
[emails]
[log]
mode = syslog console file
[log.console]
[log.file]
[log.syslog]
[event_publisher]
[dashboards.json]
[alerting]
[metrics]
[metrics.graphite]
[grafana_com]
[external_image_storage]
[external_image_storage.s3]
[external_image_storage.webdav]

InfluxDB config file:

reporting-disabled = true
hostname = “server.domain”
[meta]
dir = “/var/lib/influxdb/meta”
[data]
dir = "/var/lib/influxdb/data"
wal-dir = “/var/lib/influxdb/wal”
[coordinator]
[retention]
[shard-precreation]
[monitor]
[admin]
enabled = false
bind-address = “:8083”
[http]
bind-address = "192.168.0.1:8086"
auth-enabled = false
https-enabled = false
https-certificate = "/etc/ssl/domain.crt"
https-private-key = “/etc/ssl/domain.key”
[subscriber]
[[graphite]]
[[collectd]]
[[opentsdb]]
enabled = false
bind-address = ":4242"
database = “”
[[udp]]
[continuous_queries]

I’d really appreciate any ideas you can give me.

Thanks !!!

This is a bug in the error handler in Grafana that has been fixed in master. Which is a pity, it would have been helpful to see the real error.

Can you see any errors in the Chrome Developer Tools console or in the network tab?

I have got the same issue and here is the error that I got from the console:

Failed to load resource: net::ERR_INSECURE_RESPONSE

My guess is that the self signed certificates are not supported on Grafana.

@martinosis do you mean a self-signed cert for the InfluxDB data source?

Yes, in my case it’s different, I use Grafana locally on my computer and influxdb on à VPS. The indluxdb have the ssl option enabled with a self signed certificate. Is this setup supported on Grafana? I don’t see the option for self-signed ssl certificate.

Hi there, i have the same problem.
here is the response to the query in the console log : boot.5ee7468a.js:42 net::ERR_INSECURE_RESPONSE

I don’t think Grafana currently allows this. We would have to add a setting to allow “InsecureSkipVerify” (the go http setting for not checking self-signed certs). Something like the SSL mode setting for when connecting to mysql or postgres.

Hi,

I’m experiencing the same issue… have you added this “flag” ?

Thanks a lot!

Yes, it will be in the next release of Grafana (which will probably be released later today) - see all the PR’s from Matt Bostock in 4.6 beta: https://github.com/grafana/grafana/blob/master/CHANGELOG.md#460-beta1-2017-10-13

image

unsure if this is still a live issue, but within the influx config file you have the following

https-enabled = false

should this not be:

https-enabled = true