Setup HTTPS for Grafana

By default Grafana operates over HTTP but for added security you can operate over HTTPS. For my use case I am using a self generated certificate as not using a public domain.

Generate Keys: (a key.pem and files will be generated)

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

Put the keys in /home/pi/ directory. It did not work for me in the /etc/grafana/ directory.

sudo mv cert.pem /home/pi/
sudo mv key.pem /home/pi/

Change permissions of the keys:

sudo chmod -R 777 /home/pi/cert.pem
sudo chmod -R 777 /home/pi/key.pem 

Edit Grafana Config File:

sudo nano /etc/grafana/grafana.ini

Ensure the server protocol is updated and the key locations listed:

# Protocol (http, https, socket)
protocol = https

# https certs & key file
cert_file = /home/pi/cert.pem
cert_key = /home/pi/key.pem

Reboot system and all done!

4 thoughts on “Setup HTTPS for Grafana

  1. This was helpful, thanks. Here are a few thoughts..

    I already had keys from an existing Apache installation. Those SSL certs/keys are usually kept in `/etc/ssl/certs` and `/etc/ssl/private`, but `/etc/ssl/private` is restricted to root or users in the “ssl-cert” group. I modified my grafana.ini to point to these, and then used `sudo gpasswd -a grafana ssl-cert` to add grafana to the group. Finally, you will need to restart grafana; `sudo systemctl restart grafana-server`, a full reboot isn’t necessary.

Leave a Reply

Your email address will not be published. Required fields are marked *