By default Grafana operates over HTTP but for added security you can operate over HTTPS. For my use case I am using a self generated certificate as not using a public domain.
Generate Keys: (a key.pem and cert.pm files will be generated)
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
Put the keys in /home/pi/ directory. It did not work for me in the /etc/grafana/ directory.
sudo mv cert.pem /home/pi/ sudo mv key.pem /home/pi/
Change permissions of the keys:
sudo chmod -R 777 /home/pi/cert.pem sudo chmod -R 777 /home/pi/key.pem
Edit Grafana Config File:
sudo nano /etc/grafana/grafana.ini
Ensure the server protocol is updated and the key locations listed:
[server] # Protocol (http, https, socket) protocol = https # https certs & key file cert_file = /home/pi/cert.pem cert_key = /home/pi/key.pem
Reboot system and all done!
Tried it. After reboot grafana is not reachable. Is it still port 3000?
Yeah it should still be same port. Just ensure you type https:// perhaps?
This was helpful, thanks. Here are a few thoughts..
I already had keys from an existing Apache installation. Those SSL certs/keys are usually kept in `/etc/ssl/certs` and `/etc/ssl/private`, but `/etc/ssl/private` is restricted to root or users in the “ssl-cert” group. I modified my grafana.ini to point to these, and then used `sudo gpasswd -a grafana ssl-cert` to add grafana to the group. Finally, you will need to restart grafana; `sudo systemctl restart grafana-server`, a full reboot isn’t necessary.
Good idea!
Does this approach work for windows grafana too?
I am unsure.
Hi I tried exactly the same thing but it doesn’t work.
when i enter HTTPS it doesnt work but when i HTTP it work always.
I have restarted the service at the end