Running Grafana on Domain Name with HTTPS
In this guide, we’ll walk through the process of setting up Grafana to run on your custom domain name (managed via Cloudflare or any other domain service provider) with HTTPS, using Nginx as a reverse proxy.
1. Install Nginx
First, you need to install Nginx, which will act as a reverse proxy for Grafana.
=== "Ubuntu/Debian"
sudo apt update
sudo apt install nginx
=== "CentOS/RHEL"
sudo yum install nginx
=== "Fedora"
sudo dnf install nginx
2. Install SSL Certificates via Let's Encrypt (Optional but recommended)
To run your site over HTTPS, you’ll need an SSL certificate. We can use Let’s Encrypt to get a free SSL certificate for your domain.
Install Certbot (Let’s Encrypt Client)
=== "Ubuntu/Debian"
sudo apt install certbot python3-certbot-nginx
=== "CentOS/RHEL"
sudo yum install certbot python3-certbot-nginx
Obtain SSL Certificates
Run the following command to automatically generate and install your SSL certificate:
sudo certbot --nginx -d yourdomain.com
Replace yourdomain.com with your actual domain.
The process will automatically configure SSL for your domain and renew the certificates when needed.
3. Set Up Proxy in Nginx
Next, we will configure Nginx to proxy requests to your Grafana instance.
-
Navigate to the Nginx configuration directory:
cd /etc/nginx/conf.d/ -
Create a new configuration file for your domain. Replace
<domain-name>with your actual domain:sudo nano grafana.<domain-name>.conf -
Add the following configuration, replacing
yourdomain.comwith your actual domain and adjusting theserver_namedirective if needed:
# Redirect HTTP to HTTPS
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
location / {
return 301 https://$host$request_uri; # Redirect to HTTPS
}
}
# Configure HTTPS with SSL
server {
listen 443 ssl;
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
location / {
proxy_pass http://localhost:3000; # Grafana default port
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
- Save and exit the file.
4. Test Nginx Configuration
Before restarting Nginx, it’s important to check the configuration for any errors:
sudo nginx -t
If there are no errors, you will see:
nginx: configuration file /etc/nginx/nginx.conf test is successful
5. Start/Restart Nginx
Now, you can start or restart the Nginx service to apply the changes:
To start Nginx:
sudo systemctl start nginx
To restart Nginx:
sudo systemctl restart nginx
6. Enable Nginx to Start After Reboot
To ensure Nginx starts automatically after a system reboot, run:
sudo systemctl enable nginx
7. Restart Grafana Services
Finally, restart the Grafana service to ensure everything is running smoothly and is accessible through your domain:
sudo systemctl restart grafana-server
8. Validate
At this point, your Grafana instance should be running on HTTPS via your custom domain. You can access it by going to https://yourdomain.com.
- If you encounter any issues, check the Nginx logs at
/var/log/nginx/error.logfor more details. - If your domain is managed by Cloudflare, ensure that SSL is set to Full (Strict) in the Cloudflare dashboard.