Grafana SSL – How to configure HTTPS

This step-by-step guide shows how to set up a self-signed SSL certificate in Grafana, so that your Grafana server is accessible over a secure connection at https://my_grafana_server.

Grafana SSL

By default, SSL is not installed in the free, self-hosted community edition of Grafana. However, SSL is configured automatically for those who opt for the cloud version. To set up SSL on the self-hosted version, you will require sudo access to the /etc/grafana/grafana.ini file.

Here’s where you should look:

sudo vi /etc/grafana/grafana.ini

HTTP options

In the grafana.ini file, you’ll need to modify two key fields:

[server]
http_addr = dashboard.yourdomain.co.uk
http_port = 3000
domain = yourdomain.co.uk
root_url = https://grafana.yourdomain.co.uk:3000
cert_key = /etc/grafana/grafana.key
enforce_domain = False
protocol = https
socket =
enable_gzip = False
cert_file = /etc/grafana/grafana.crt
static_root_path = public
router_logging = False

Step 1 – Create a Grafana SSL Certificate

The steps below are for Red Hat Linux (or CentOS). If you’re on a different Linux distribution, please refer to its specific documentation.

Execute the following command:

openssl genrsa -out grafana.key 2048

The expected output should appear as follows:

Step 2 – Generate a certificate signing request

From the command line, type:

openssl req -new -key grafana.key -out grafana.csr

The corresponding output will look something like this:

Step 3 – Output the certificate

Now, from the command line, type:

openssl x509 -req -days 365 -in grafana.csr -signkey grafana.key -out grafana.crt

After which, you’ll see this output:

Note: If you type ls -l, you will see your certificates

Step 4 – Set certificate key file ownership

Run the following commands:

sudo chown grafana:grafana grafana.crt
sudo chown grafana:grafana grafana.key
sudo chmod 400 grafana.key grafana.crt

Step 5 – Transfer the certificate and key file to Grafana’s installation directory

Move files using:

sudo mv grafana.crt grafana.key /etc/grafana/

Step 6 – Edit the Grafana.ini file

Open the file with:

sudo vim /etc/grafana/grafana.ini

Search for the #HTTP options and set the properties accordingly:

root_url = https://grafana.yourdomain.co.uk
protocol = https
cert_key = /etc/grafana/grafana.key
cert_file = /etc/grafana/grafana.crt

Once done, save and exit the file. Proceed by restarting the Grafana service:

sudo service grafana-server restart

Step 7 – Access via the server IP

Finally, when you navigate to the server’s IP address using a web browser, you’ll encounter a warning due to the Self Signed Certificate. The prompt will appear as follows:

Note: You will have to accept this prompt (only once) unless you have purchased a Signed Certificate from a certificate authority vendor such as https://www.digicert.com/
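A pre-restart check for the files from Steps 1 to 6, as an added example that is not part of the original article: it confirms that grafana.ini has an active (uncommented) protocol = https line in [server], that cert_file and cert_key are readable, that the certificate was issued for that key, and that it has not expired. The function names and the throwaway sample built by make_sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks to run before "service grafana-server restart".

# Print the active value of KEY ($2) in the [server] section of ini file $1.
# Lines starting with ';' or '#' are comments in grafana.ini and are skipped.
ini_server_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/   { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v    # keep the last one seen
        }
        END { print val }' "$1"
}

# Succeed only if certificate $1 carries the public key derived from private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Exit status: 0 ok, 1 HTTPS not enabled, 2 unreadable file, 3 mismatch, 4 expired.
preflight() {
    ini=$1
    [ "$(ini_server_value "$ini" protocol)" = "https" ] || { echo "protocol is not https"; return 1; }
    crt=$(ini_server_value "$ini" cert_file)
    key=$(ini_server_value "$ini" cert_key)
    [ -r "$crt" ] && [ -r "$key" ] || { echo "cert_file or cert_key unreadable"; return 2; }
    cert_matches_key "$crt" "$key" || { echo "certificate and key do not match"; return 3; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 4; }
    echo "ok"
}

# Constructed sample for trying the checks: throwaway self-signed pair and ini in dir $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=grafana.yourdomain.co.uk" \
        -keyout "$1/grafana.key" -out "$1/grafana.crt" 2>/dev/null || return 1
    printf '[server]\n;protocol = http\nprotocol = https\ncert_file = %s\ncert_key = %s\n' \
        "$1/grafana.crt" "$1/grafana.key" > "$1/grafana.ini"
}

# With a path argument, check that file (for example /etc/grafana/grafana.ini).
if [ $# -gt 0 ]; then preflight "$1"; fi
```

Run it as the grafana user (for example with sudo -u grafana) so that the readability test reflects what the service itself can open after the chown and chmod 400 in Step 4.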

Want to know how to put certs on a Grafana container and how to make a Grafana container HTTPS? Run

docker exec -it containername /bin/bash

and follow the same procedure above.

That’s it; thanks for taking the time to read this article. If you have any questions or feedback, please write them in the comment section below.

What is Grafana?

Grafana and Prometheus will give you a great solution if you need monitoring dashboards.

Check out https://grafana.com and https://prometheus.io to start your journey.


Richard.Bailey


18 Responses

  1. Noor Uz Zaman says:

    Excellent Explanation Thanks Buddy!

  2. Anonymous says:

    Perfect ! Thank you very much !

  3. kavitha says:

    Thanks for the blog. Can you please use domain certs instead of self-signed certs? I have tried the above steps; after updating grafana.ini, the grafana service failed to start. Please guide.

    • Hi. I don’t know to be honest, I’ll need to work it out. But I imagine it’s the same process but you copy the domain certs instead.

      Does anyone else know the answer?

  4. kavitha says:

    Hi, I have tried with domain certs but am unable to start the grafana service. Please, anyone, help.

  5. Anonymus says:

    Just want to say thank you for your article. So easy to follow and clear explanation

  6. Chaitanya says:

    Dear Richard,

    Many thanks for your article. It really helps many.

    I did exactly the same as you mentioned in the article, but when I open Grafana using https, I receive the following error:

    This site can’t provide a secure connection

    By the way, Grafana using http works like a champ.

    Please let me know where the error might have happened, so that it helps me and also many others.

    Thanks for your help in advance.

    Regards,
    Chaitanya

    • Try updating your browser. Otherwise, it would be an internal network issue.
      Do you get an error code in the browser? Is there an option to skip?

      • Chaitanya says:

        Dear Richard,

        Thanks for your reply..

        I had tried with other browsers and I get the following error messages:

        Chrome ERR_SSL_PROTOCOL_ERROR
        Firefox SSL_ERROR_RX_RECORD_TOO_LONG
        Edge ERR_SSL_PROTOCOL_ERROR

        Unfortunately, there is no option to skip 🙁

        Regards,
        Chaitanya

  7. lam says:

    You are still using port 3000, not sure why.

  8. Victor says:

    Thank you very much!
