1、申请SSL证书

申请好域名证书,将证书文件上传至服务器

  1. mkdir /usr/local/monitor/grafana-8.0.3/ssl
  3. scp rules.tar.gz root@d-prometheus:/usr/local/monitor/grafana-8.0.3/ssl

2、修改grafana配置文件

$ vim /usr/local/monitor/grafana-8.0.3/conf/defaults.ini

  1. ......
  2. #################################### Server ##############################
  3. [server]
  4. # Protocol (http, https, h2, socket)
  5. protocol = https           #修改为https
  7. # The ip address to bind to, empty will bind to all interfaces
  8. http_addr =
  10. # The http port to use
  11. http_port = 3000
  13. # The public facing domain name used to access grafana from a browser
  14. domain = prometheus.123.top     #添加要使用的域名
  16. # Redirect to correct domain if host header does not match domain
  17. # Prevents DNS rebinding attacks
  18. enforce_domain = false
  20. # The full public facing url
  21. root_url = %(protocol)s://%(domain)s:%(http_port)s/
  23. # Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
  24. serve_from_sub_path = false
  26. # Log web requests
  27. router_logging = false
  29. # the path relative working path
  30. static_root_path = public
  32. # enable gzip
  33. enable_gzip = false
  35. # https certs & key file
  36. cert_file =/usr/local/monitor/grafana-8.0.3/ssl/full_chain.pem       #添加证书
  37. cert_key =/usr/local/monitor/grafana-8.0.3/ssl/private.key           #添加证书
  38. ......

3、测试访问

  1. curl -I https://prometheus.123.top:3000
  2. HTTP/1.1 302 Found
  3. Cache-Control: no-cache
  4. Content-Type: text/html; charset=utf-8
  5. Expires: -1
  6. Location: /login
  7. Pragma: no-cache
  8. Set-Cookie: redirect_to=%2F; Path=/; HttpOnly; SameSite=Lax
  9. X-Content-Type-Options: nosniff
  10. X-Frame-Options: deny
  11. X-Xss-Protection: 1; mode=block
  12. Date: Mon, 21 Jun 2021 09:35:06 GMT

image.png