Pretext:
This is my first solution posted on stack overflow, and I hope it is adequatly formed. I did not know of whether posting the solution as an answer to a self-raised question, or to make an article on it. Making it an article seemed to be the less appropriate option.
I hope this self-answered question solves your question in one read.
Problem:
How to configure/setup https for GrafanaEnterprise version 9.2.4.0 on Windows Server 2022 version 10.0.20348?
Context:
I will follow up this question with the solution that worked for me. This question is raised, as when I searched the web for answers - I did not find a direct answer and had to gather parts from different solutions I had read up to that point, from different resources that appeared in the Google searches I had made. The solution to this question will hopefully give a direct solution for any who search for a https solution on a Grafana Windows installation.
I do not know if this is applicable/compatible on/with previous versions of Windows operating systems and or GrafanaEnterprise.
Environment:
- Virtual Machine, Windows Server 2022 version 10.0.20348
- GrafanaEnterprise version 9.2.4.0, standard Windows installer from: https://grafana.com/grafana/download?platform=windows
The solution I tried:
I tried creating self-signed certificates with openssl, "grafana.key" and "grafana.crt", this worked, but when referencing them in Grafana's configuration file "custom.ini" the following error occurred.
The error I encountered:
Windows could not start the Grafana service on Local Computer after uncommenting settings in the Grafana configuration file "custom.ini" under "Server" options. The error message was the following:
"The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, contact your system administrator."
Image of windows error after attempted restart of Grafana service.
This answer contains:
Firstly, in short, a solution to the error after reconfiguring Grafana to use a supplied .crt and .key file.
Secondly, a guide with all the steps required for the installation of Grafana on Windows Server 2022 with https, in my experience.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Part 1
The error after configuring Grafana's custom.ini file to use a supplied .crt and .key file:
The error - "Windows Could not start the Grafana service on Local Computer."
The solution - how to convert the .crt and .key files to .pem files:
The Grafana service requires the .crt certificate file and the .key file to be converted to .pem file type.
How to convert a .crt file to a .pem file with OpenSSL on Windows:
How to convert a .key file to a .pem file with OpenSSL on Windows:
Note that this conversion of the .key writes the private key to the .pem as plain text and should be replaced by a solution that does not write it as plain text to the .pem file.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Part 2
A guide to Grafana installation on Windows Server 2022 with Openssl certificate & key in https configuration:
Step 1 - Install Grafana
Step 2 - Install OpenSSL for Windows
Download OpenSSL for Windows through third party: http://slproweb.com/products.html with the direct download link as http://slproweb.com/download/Win64OpenSSL-3_0_7.msi.
Start the installation of OpenSSL by double-clicking the installation file Win64OpenSSL-3_0_7.msi in your downloads folder.
Click I accept the agreement & Next > Next > Next > Next > Install > Uncheck One-time $10 donation to Windows OpenSSL > Finish.
Step 3 - Create selfsigned .crt and .key files as .pem files with OpenSSL for Grafana
OpenSSL Comand Prompt should appear in your windows search.
Step 4 - Configure Grafana custom.ini file
Copy the sample.ini file and rename the copy to original.sample.ini file. Do this also for the default.ini file. You are not to edit these files in this guide. Then after the copying of the original files you have a backup, if you copy paste to the wrong file in the future.
Copy the sample.ini file again and rename it to https.custom.ini this time.
Open the https.custom.ini file and edit these lines. Change the IP address to the one you are using. You can also change the port number to the one you need. Otherwise, just keep it at 3000.
to
&
to
&
to
Save the https.custom.ini file.
Copy the original.sample.ini file and rename the copy to original.custom.ini.
You can in the future copy the content of either the original.custom.ini, https.custom.ini or any other file you may have made into the custom.ini file.
Step 5 - Restart and check Grafana
Open services.msc and find the service namned Grafana.
Right click it and select restart.
Now, go back to your browser and visit the address you entered above and you should see a warning. The example I provided above was https://1.2.3.4:3000.
Click the equivalent in your browser of Advanced > Accept the Risk and Continue.
Now, you should be at your Grafana's web GUI, and https is configured!
Bonus - Check that http is disabled
In your browser, try to visit you Grafana address with the http protocol, or simply enter only the IP of your Grafana service in the URL field. You should get the response:
Client sent an HTTP request to an HTTPS server.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
An apology
I want to apologize for the comment having formatting issues, as my account does not have a sufficient score to post more than 8 links in one comment. I had to cut the images.
I will add them at a later date, if my account has a sufficient score then.