Grafana: How to configure SSL HTTPS in Grafana

Here is a quick guide to configuring self-signed SSL certificate for Grafana, allowing you to browse to a https://your_grafana_server:3000

What is Grafana?

If you need monitoring dashboards, using grafana and prometheus will give you a great solution.

Check out and to start your Journey.

Grafana SSL

SSL is not installed by default when using the free, self-hosted community edition. If you purchase the cloud version, then SSL is configured automatically by default. You will need sudo access to the servers /etc/grafana/grafana.ini file. Look for the HTTP options:

Grafana HTTP options

There are two key fields that need changing.

http_addr =
http_port = 3000
domain =
root_url =
cert_key = /etc/grafana/grafana.key
enforce_domain = False
protocol = https
socket =
enable_gzip = False
cert_file = /etc/grafana/grafana.crt
static_root_path = public
router_logging = False

Step 1 – Create an SSL Certificate

I am using Red Hat Linux, but this will work on CentOS as well. You may need to check your appriopirae documentation if you are using another flavor of Linux.

From the command line type:

openssl genrsa -out grafana.key 2048

You should see output like this:

Step 2 – Generate a certificate signing request

From the command line type:

openssl req -new -key grafana.key -out grafana.csr

You should see output like this:

Step 3 – Output the certificate

From the command line type:

openssl x509 -req -days 365 -in grafana.csr -signkey grafana.key -out grafana.crt

You should see output like this:

Note: If you type ls -l you will see your certifcates

Step 4 – Set certificate key file ownership

From the command line type:

sudo chown grafana:grafana grafana.crt
sudo chown grafana:grafana grafana.key
sudo chmod 400 grafana.key grafana.crt

Step 5 – Move certificate and key file to the Grafana installation folder

From the command line type:

sudo mv grafana.crt grafana.key /etc/grafana/

Step 6 – Edit the Grafana.ini file

From the command line type:

sudo vim /etc/grafana/grafana.ini
  • Locate the #HTTP options. Set the properties as:
protocol = https
cert_key = /etc/grafana/grafana.key
cert_file = /etc/grafana/grafana.crt
  • Save and close the file, and now restart the grafana service
sudo service grafana-server restart

Step 7 – Browse to the server IP

Now browse to the server IP address and you should be prompted with a warning. As this is a Self Signed Certificate, you will be prompted once like this:

Note: You will always have to accept this prompt (only once) unless you have purchased a Signed Certificate from a certificate vendor such as

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *