I’m currently running Grafana as an AWS ECS service. We have SSL termination enabled on the load balancer side, not on the actual service. The load balancer listens on 80 & 443 and forwards it to the container port. We manage the SSL all through amazon and prefer not to keep on updating the certs on the service/images, but when we enable HTTPS, it never starts up because it needs the certs to start. Would rather not have to setup nginx in front of it just to forward http to https
I was curious if there was an option where Grafana could just handle the forwarding as a config option without needing the certs available.
Thanks
Don’t think there is currently any option for this. We usually recommend setting up an nginx proxy for scenarios like this (sorry!).
I figured this would be the case, thanks!
Hello, I’m new to using Grafana, and have a similar setup, with an SSL terminated AWS load balancer that I want to use to connect to the installed Grafana service on the backend via http. I used helm to install prometheus and grafana. I am able to connect to the NodePort while logged into the AWS private network on the backend and the Grafana UI works perfectly.
When I hook it up to my load balancer by creating an ingress along with the AWS Load Balancer Controller, it looks healthy in the target group (using /api/health), but trying to access it through the load balancer it just hangs.
This is what my ingress yaml looks like:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "foo-ingress-grafana"
namespace: "grafana"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/certificate-arn: xxxx
alb.ingress.kubernetes.io/group.name: foo
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":445}]'
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true
alb.ingress.kubernetes.io/backend-protocol: "HTTP"
alb.ingress.kubernetes.io/healthcheck-path: "/api/health"
alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP"
alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=301
labels:
app: foo-ingress-grafana
spec:
rules:
- host: foo.microfocuscloud.com
http:
paths:
- path: /*
backend:
serviceName: "grafana"
servicePort: 80
So is it required that I use an nginx proxy? If so, do you have examples of how to set that up?
I also tried just specifying LoadBalancer for the service type, and that load balancer had the same problem – it just seems to hang.
I figured out that configuring the ingress for Grafana this way works fine. It was only my choice of port 445 that was causing the problems, as that port gets defined in AWS as an SMB port.
