Hi everyone,
I installed Grafana on Debian 8.
I followed different tutorial to set up HTTPS on grafana server but it doesn’t work.
I also installed apache2 on the same server to try the HTTPS it does but when i add port 3000 for grafana page it doesn’t work.
Like SSL tools i use Openssl. I create certificate with two files (crt and key) after i enter path where is .crt and .key and i add protocol https. also i activate a2enmod and a2ensite for the folders.
I have also follow letsencrypts it doesn’t work.
Thanks you
Hi everyone,
I installed Grafana on Debian 8.
Why are you still using Debian 8?
Which repository did you get Grafana from, and which version did you isntall?
I followed different tutorial
Please tell us the URL for that?
to set up HTTPS on grafana server but it doesn’t work.
Please give us more details about what doesn’t work and how you are
testing it.
I also installed apache2 on the same server to try the HTTPS
it does but when i add port 3000 for grafana page it doesn’t work.
Once again, please tell us how you are doing that - show us some config files,
for example.
Like SSL tools i use Openssl. I create certificate with two files (crt and
key) after i enter path where is .crt and .key and i add protocol https.
also i activate a2enmod and a2ensite for the folders. I have also follow
letsencrypts it doesn’t work.
We need more detail than “it doesn’t work”.
Thin about it from our point of view - we need to know what you have done, and
exactly what results you are getting (and maybe how you are testing to get
those results) so that we have a clue how your setup differs from something
that works.
If you can tell us enough so that we could reproduce the same problem for
ourselves that would be great.
Antony.
Thanks you for return.
-
excuse me i use debian 10 buster
-
tutorial that i followed:
https://www.turbogeek.co.uk/grafana-how-to-configure-ssl-https-in-grafana/
Setup Grafana on Ubuntu 18.04 with LetsEncrypt – Hack‧zen‧werk -
I configured this file to set up HTTPS on apache2
SSLEngine on
# A self-signed (snakeoil) certificate can be created by inst$
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, on$
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/grafana/grafana.crt
SSLCertificateKeyFile /etc/grafana/grafana.key
- grafana.ini to try to set up HTTPS on community.grafana.com
;protocol = https
;cert_file = /etc/grafana/grafana.csr
;cert_key = /etc/grafana/grafana.key
When i write “it doesn’t work” it’s that HTTPS on grafana URL doesn’t work
Cédric
- excuse me i use debian 10 buster
Better 
- tutorial that i followed:
https://www.turbogeek.co.uk/grafana-how-to-configure-ssl-https-in-grafana/
https://blog.hackzenwerk.org/2019/05/13/setup-grafana-on-ubuntu-18-04-with-
letsencrypt/
Those both look like pretty reasonable instructions to me. Did you run into
any problems whilst following them?
- I configured this file to set up HTTPS on apache2
What are you using Apache for on this server?
SSLEngine on
A self-signed (snakeoil) certificate can be created by inst$
the ssl-cert package. See
/usr/share/doc/apache2/README.Debian.gz for more info.
If both key and certificate are stored in the same file, on$
SSLCertificateFile directive is needed.
SSLCertificateFile /etc/grafana/grafana.crt SSLCertificateKeyFile /etc/grafana/grafana.key
Are you trying to get Apache to do the SSL, or Grafana?
Which ports is Apache listening on?
Have you confirmed using “netstat -lptn”?
Did the above work? Does the Apache user (probably www-data under Debian)
have the correct permissions to read those certificate files? Anything
interesting in /var/log/apache2/error.log?
- grafana.ini to try to set up HTTPS on community.grafana.com
;protocol = https
;cert_file = /etc/grafana/grafana.csr
;cert_key = /etc/grafana/grafana.key
Did you really leave the semi-colons at the start of those lines?
If so, that means they are comments and will be ignored.
When i write “it doesn’t work” it’s that HTTPS on grafana URL doesn’t work
In that case there is some problem.
If you give us some more details about exactly how you are testing it, what
does and does not happen, and what you get in the log files, then we might have
more of an idea about what went wrong (assuming it’s not just the semi-colons
above).
As I said previously:
Think about it from our point of view - we need to know what you have done,
and exactly what results you are getting (and maybe how you are testing to get
those results) so that we have a clue how your setup differs from something
that works.
If you can tell us enough so that we could reproduce the same problem for
ourselves that would be great.
Otherwise, we are simply guessing, which is probably not the most efficient way
to help you solve your problem.
Antony.
1 Like
In following this tutorials i I encountered no problem, just the HTTPS which doesnt work
I use apache because I know with apache we can open the page in HTTPS I said to myself using a web server it could work.
I want just that try to get Grafana to do the SSL.
commande “netstat -lptn” :
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 172.17.0.1:53 0.0.0.0:* LISTEN 440/named
tcp 0 0 192.168.0.17:53 0.0.0.0:* LISTEN 440/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 440/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 439/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 440/named
tcp6 0 0 :::443 :::* LISTEN 1023/apache2
tcp6 0 0 :::80 :::* LISTEN 1023/apache2
tcp6 0 0 :::53 :::* LISTEN 440/named
tcp6 0 0 :::22 :::* LISTEN 439/sshd
tcp6 0 0 :::3000 :::* LISTEN 404/grafana-server
tcp6 0 0 ::1:953 :::* LISTEN 440/named
cat /var/log/apache2/error.log
[Mon May 31 14:05:36.801465 2021] [mpm_event:notice] [pid 1023:tid 140429044212864] AH00489: Apache/2.4.38 (Debian) OpenSSL/1 .1.1d mod_wsgi/4.6.5 Python/2.7 configured – resuming normal operations
[Mon May 31 14:05:36.801488 2021] [core:notice] [pid 1023:tid 140429044212864] AH00094: Command line: ‘/usr/sbin/apache2’
[Mon May 31 14:06:27.401999 2021] [mpm_event:notice] [pid 1023:tid 140429044212864] AH00493: SIGUSR1 received. Doing gracefu l restart
AH00112: Warning: DocumentRoot [/var/www/grafana] does not exist
[Mon May 31 14:06:27.430063 2021] [ssl:warn] [pid 1023:tid 140429044212864] AH01909: grafana-docteurit.esgi:443:0 server cert ificate does NOT include an ID which matches the server name
[Mon May 31 14:06:27.430246 2021] [mpm_event:notice] [pid 1023:tid 140429044212864] AH00489: Apache/2.4.38 (Debian) OpenSSL/1 .1.1d mod_wsgi/4.6.5 Python/2.7 configured – resuming normal operations
[Mon May 31 14:06:27.430256 2021] [core:notice] [pid 1023:tid 140429044212864] AH00094: Command line: ‘/usr/sbin/apache2’
- I remove the semicolon at the beginning on line https cert and file, I restarted the grafana-server service but it’s still the same.
I send you in details the configuration files and these directories
root@grafana-srv:/etc/grafana# ls
grafana.crt grafana.csr grafana.ini grafana.key ldap.toml provisioning
grafana.ini is configuration file for grafana.
protocol = https
The ip address to bind to, empty will bind to all interfaces
;http_addr =
The http port to use
;http_port = 3000
The public facing domain name used to access grafana from a browser
;domain = localhost
Redirect to correct domain if host header does not match domain
Prevents DNS rebinding attacks
;enforce_domain = false
The full public facing url you use in browser, used for redirects and emails
If you use reverse proxy and sub path specify full url (with sub path)
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
Serve Grafana from subpath specified in root_url setting. By default it is set to false for compatibility reasons.
;serve_from_sub_path = false
Log web requests
;router_logging = false
the path relative working path
;static_root_path = public
enable gzip
;enable_gzip = false
https certs & key file
cert_file = /etc/grafana/grafana.crt
cert_key = /etc/grafana/grafana.key
In following your device i success.
This issue was “;” at the beginning of each sentence lines protocol, cert_file and key_file
Also i want redirect all HTTP to HTTPS pages automatically
THANKS YOU VERY MUCH
Cédric
tcp6 0 0 :::443 :::* LISTEN 1023/apache2
tcp6 0 0 :::80 :::* LISTEN 1023/apache2
So, Apache is listening on port 80 and 443, as standard.
Is that what you are trying to access when you test from your browser?
tcp6 0 0 :::3000 :::* LISTEN 404/grafana-server
…and Grafana is listening on port 3000 (but presumably not for SSL/TLS).
cat /var/log/apache2/error.log
AH00112: Warning: DocumentRoot [/var/www/grafana] does not exist
Have you tried to fix that problem?
AH01909: grafana-docteurit.esgi:443:0 server certificate does NOT include an
ID which matches the server name
Have you tried to fix that problem?
- I remove the semicolon at the beginning on line https cert and file, I
restarted the grafana-server service but it’s still the same.
In following your device i success.
Now I’m confused, you say it’s still the same, and then you say you have
success?
This issue was “;” at the beginning of each sentence lines protocol,
cert_file and key_file
Okay, so I think you now have it working - good.
Also i want redirect all HTTP to HTTPS pages automatically
I don’t actually know whether Grafana can do that, but Apache definitely can -
in which case you should research “Apache redirect HTTP to HTTPS” and if you
get stuck, ask at users@httpd.apache.org
THANKS YOU VERY MUCH
You’re welcome; I’m glad it helped.
Antony.
1 Like
Ok thanks you for your help.
Cédric