Add SSL/HTTPS to Grafana With Let’s Encrypt

Menambahkan ssl/https pada grafana dengan let’s encrypt

  • Ubah permission file certificate fullchain.pem dan privkey.pem jadi 640, kemudian ganti group owner menjadi grafana untuk kedua file tersebut.
[root@icmp icmp]# ls -l /etc/letsencrypt/live/icmp.my.id/
total 16
-rw-r--r--. 1 root root 1850 Sep 20 07:38 cert.pem
-rw-r--r--. 1 root root 5601 Sep 20 07:38 fullchain.pem
-rw-------. 1 root root 1679 Sep 20 07:38 privkey.pem
[root@icmp icmp]#
[root@icmp icmp]# chmod 640 /etc/letsencrypt/live/icmp.my.id/cert.pem
[root@icmp icmp]# chmod 640 /etc/letsencrypt/live/icmp.my.id/fullchain.pem
[root@icmp icmp]# chmod 640 /etc/letsencrypt/live/icmp.my.id/privkey.pem
[root@icmp icmp]# ls -l /etc/letsencrypt/live/icmp.my.id/
total 16
-rw-r-----. 1 root root 1850 Sep 20 07:38 cert.pem
-rw-r-----. 1 root root 5601 Sep 20 07:38 fullchain.pem
-rw-r-----. 1 root root 1679 Sep 20 07:38 privkey.pem
[root@icmp icmp]# chown :grafana /etc/letsencrypt/live/icmp.my.id/fullchain.pem
[root@icmp icmp]# chown :grafana /etc/letsencrypt/live/icmp.my.id/privkey.pem
[root@icmp icmp]# ls -l /etc/letsencrypt/live/icmp.my.id/
total 16
-rw-r-----. 1 root root    1850 Sep 20 07:38 cert.pem
-rw-r-----. 1 root grafana 5601 Sep 20 07:38 fullchain.pem
-rw-r-----. 1 root grafana 1679 Sep 20 07:38 privkey.pem
  • Edit file /etc/grafana/grafana.ini > protocol = https , cert_file = /etc/letsencrypt/live/icmp.my.id/fullchain.pem , cert_key = /etc/letsencrypt/live/icmp.my.id/privkey.pem , > hapus tanda (;)
[root@icmp icmp]# nano /etc/grafana/grafana.ini
#################################### Server ####################################
[server]
# Protocol (http, https, h2, socket)
protocol = https

# The ip address to bind to, empty will bind to all interfaces
;http_addr =

# The http port  to use
;http_port = 3000

# The public facing domain name used to access grafana from a browser
;domain = localhost

# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false

# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
;root_url = %(protocol)s://%(domain)s:%(http_port)s/

# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.;serve_from_sub_path = false

# Log web requests
;router_logging = false

# the path relative working path
;static_root_path = public

# enable gzip
;enable_gzip = false

# https certs & key file
cert_file = /etc/letsencrypt/live/icmp.my.id/fullchain.pem
cert_key = /etc/letsencrypt/live/icmp.my.id/privkey.pem

# Unix socket path
  • Restart service grafana lalu cek status service grafana pastikan sesudah di restart harus dalam keadaan active (running).
[root@icmp icmp]# nano /etc/grafana/grafana.ini

[root@icmp icmp]# systemctl restart grafana-server

[root@icmp icmp]# systemctl status grafana-server
● grafana-server.service - Grafana instance
   Loaded: loaded (/usr/lib/systemd/system/grafana-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-09-29 11:22:02 UTC; 6s ago
     Docs: http://docs.grafana.org
 Main PID: 252440 (grafana-server)
   CGroup: /system.slice/grafana-server.service
           └─252440 /usr/sbin/grafana-server --config=/etc/grafana/grafana.ini --pidfile=/var/run/grafana/grafana-ser...

Sep 29 11:22:01 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:01+0000 lvl=info msg="App mode production" ...ings
Sep 29 11:22:01 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:01+0000 lvl=info msg="Writing PID file" log...2440
Sep 29 11:22:01 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:01+0000 lvl=info msg="Connecting to DB" log...ite3
Sep 29 11:22:01 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:01+0000 lvl=info msg="Starting DB migration...ator
Sep 29 11:22:01 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:01+0000 lvl=info msg="migrations completed"...33ms
Sep 29 11:22:01 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:01+0000 lvl=info msg="Starting plugin searc...gins
Sep 29 11:22:02 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:02+0000 lvl=info msg="Registering plugin" l...nput
Sep 29 11:22:02 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:02+0000 lvl=info msg="Live Push Gateway ini...http
Sep 29 11:22:02 icmp.my.id systemd[1]: Started Grafana instance.
Sep 29 11:22:02 icmp.my.id grafana-server[252440]: t=2021-09-29T11:22:02+0000 lvl=info msg="HTTP Server Listen" l...ket=
Hint: Some lines were ellipsized, use -l to show in full.
  • Akses web grafana dengan https

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.