- What Grafana version and what operating system are you using?
Grafana: v10.3.3
OS: Ubuntu 20.04
- What are you trying to achieve?
Setup SSL certificate.
- How are you trying to achieve it?
I’m following this guide : Set up Grafana HTTPS for secure web traffic | Grafana documentation
My grafana setup in docker does not have the paths mentioned in the guide. I’m using bind for persistent storage.
This is my docker inspect for the container.
Docker compose:
I’m fairly new to docker. Please let me know what am I missing.
as you can see the key/crt file locations are in
/etc/grafana/grafana.key
/etc/grafana/grafana.crt
so maybe generate these files in your current OS then point to them in the compose folder volumes section?
dump them in /home/Grafana_Storage/ssl/
then
volumes:
- '/home/Grafana_Storage/ssl/:/etc/grafana/'
maybe something like this?
1 Like
Hey, @manthanbhavsar26 welcome to the community.
You should use some volumes in your container to give it access for the public certificate and key certificate, and then set them up on environment docker options with GF_SERVER_CERT_FILE and GF_SERVER_CERT_KEY.
Quote from the docs: (Configure Grafana | Grafana documentation)
Override configuration with environment variables - To override an option:
GF_<SectionName>_<KeyName>
And about the options for certificates:
[server]
cert_file
Path to the certificate file (if protocol is set to https or h2).
cert_key
Path to the certificate key file (if protocol is set to https or h2).
Hope it helps.
1 Like
Thank you for the response. I’ll try that.
Also, how to I change the port to 443 so I don’t have to use :3000 with the URL?
You should use GF_SERVER_HTTP_PORT for your case, but mind that Grafana only bind in a single port. Then, if you change it to 443 and want to redirect requests from 80 to 443 you should use a webserver, webproxy or firewall forwarding to help Grafana out (It’s all in the docs, and talking about that… @manthanbhavsar26 it’s pretty interesting for you to read about all Configuration Options in the docs. I promise you that it’ll be a good investment of time: Configure Grafana | Grafana documentation)
2 Likes
I read the guides and configurations but I was lacking confidence to implement it and needed input from experts.
Another question:
I’ve created symlinks for the Let’s Encrypt cert files to the Grafana_Storage/ssl bind so I don’t have to worry moving files whenever the certs renew.
Could you confirm symlinks when used with docker will work fine?
$ sudo ln -s /etc/letsencrypt/live/subdomain.mysite.com/privkey.pem Grafana_Storage/ssl/grafana.key
$ sudo ln -s /etc/letsencrypt/live/subdomain.mysite.com/fullchain.pem Grafana_Storage/ssl/grafana.crt
and then defined in the compose file like this.
Well… You’re on a docker environment. Try a lot.
I don’t recommend using symlinks on docker and docker-compose configuration stacks btw.
But these are docker topics, you should review them in a docker forum.
Last thing that I can say is that on docker I prefer to use traefik with ACME certificates for Let’s Encrypt. Pretty easy, and you’ll won’t need to touch https on grafana, container, not even the port. (there’s this example project for wordpress that works out-of-the-box for you to play with after reading the docs for traefik and adapt to grafana if you wish)
I wish you good studies.
2 Likes
why the difference here?
Basically as @isaqueprofeta said, this is more of a docker issue than grafana. Probably check out these kinds of videos
2 Likes
Do you mind explaining what do you mean by the difference?
Is the pathing incorrect?
One has ssl the other does not
That was just a mistake. I fixed it.
Thanks guys! It’s working now with cert and dns name.
2 Likes