Hello everyone,
I have set up Grafana on Docker on a Windows machine in a Windows container and have now encountered a problem with setting up SSL encryption.
I have created a Windows container where I download the Windows binary, set the appropriate environment variables, copy the certificate files into the container and start it.
When I try to access Grafana using HTTPS over the URL https://grafana.domain.ch:3000
the certificate is not even loaded and I get the error ERR_SSL_PROTOCOL_ERROR
- What Grafana version are you using? grafana-8.5.1
- What OS are you running grafana on? Windows Docker Container on Windows Server
Below you can find my configuration. I have replaced our domain by “domain”, otherwise this is the same configuration.
ENV GF_EXPLORE_ENABLED="false" \
# Enable the Query history
GF_QUERY_HISTORY_ENABLED="true" \
# disable user signup / registration
GF_USERS_ALLOW_SIGN_UP="false" \
# Allow non admin users to create organizations
GF_USERS_ALLOW_ORG_CREATE="FALSE" \
# Default UI theme ("dark" or "light")
GF_USERS_DEFAULT_THEME="light" \
# Snapshot sharing option
GF_SNAPSHOTS_EXTERNAL_ENABLED="false" \
# Server reporting, sends usage counters to stats.grafana.org every 24 hours. No ip addresses are being tracked, only simple counters to track running instances, dashboard and error counts.
GF_ANALYTICS_REPORTING_ENABLED="false" \
# Either "mysql", "postgres" or "sqlite3", it's your choice
GF_DATABASE_TYPE="mysql" \
GF_DATABASE_NAME="grafana" \
GF_DATABASE_USER="grafana_user" \
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
GF_DATABASE_PASSWORD="" \
# disable gravatar profile images
GF_SECURITY_DISABLE_GRAVATAR="true" \
# set to true if you host Grafana behind HTTPS. default is false.
GF_SECURITY_COOKIE_SECURE="true" \
# Protocol (http, https, h2, socket)
GF_SERVER_PROTOCOL="HTTPS" \
# GF_SERVER_HTTP_ADDR="" \ # The ip address to bind to, empty will bind to all interfaces
# The http port to use
GF_SERVER_HTTP_PORT="3000" \
# The public facing domain name used to access grafana from a browser
GF_SERVER_DOMAIN="grafana.domain.ch" \
# GF_SERVER_ENFORCE_DOMAIN="" \ # Redirect to correct domain if host header does not match domain
# The full public facing url you use in browser, used for redirects and emails
GF_SERVER_ROOT_URL="https://grafana.domain.ch:3000" \
# https certs & key file
GF_SERVER_CERT_FILE="C:\grafana\bin\ssl\fullchain.pem" \
GF_SERVER_CERT_KEY="C:\grafana\bin\ssl\cert.key"
#These are
COPY security/fullchain.cer /grafana/bin/ssl/fullchain.pem
COPY security/cert.key /grafana/bin/ssl/cert.key
EXPOSE 3000
WORKDIR C:\\grafana\\bin
CMD ["grafana-server.exe"]
The output of the command openssl x509 -in fullchain.pem -text -noout
is
Common Name: grafana.domain.ch
Subject Alternative Names: grafana.domain.ch
Valid From: April 28, 2022
Valid To: July 27, 2022
Issuer: (STAGING) Artificial Apricot R3, (STAGING) Let’s Encrypt
Serial Number: fac3790c71616ba527ad11702ef9a405abf5
The log does not provide me with too much info either:
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_PROTOCOL=HTTPS"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_HTTP_PORT=3000"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_DOMAIN=grafana.domain.ch"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_ROOT_URL=https://grafana.domain.ch:3000"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_CERT_FILE=C:\\grafana\\bin\\ssl\\fullchain.pem"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_CERT_KEY=C:\\grafana\\bin\\ssl\\cert.key"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_DATABASE_TYPE=mysql"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_DATABASE_HOST=172.16.85.227"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_DATABASE_NAME=grafana"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_DATABASE_USER=grafana_user"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_DATABASE_PASSWORD=*********"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_ANALYTICS_REPORTING_ENABLED=false"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SECURITY_DISABLE_GRAVATAR=true"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SECURITY_COOKIE_SECURE=true"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SNAPSHOTS_EXTERNAL_ENABLED=false"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_USERS_ALLOW_SIGN_UP=false"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_USERS_ALLOW_ORG_CREATE=FALSE"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_USERS_DEFAULT_THEME=light"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_EXPLORE_ENABLED=false"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_QUERY_HISTORY_ENABLED=true"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Path Home" path=C:\grafana
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Path Data" path=C:\grafana\data
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Path Logs" path=C:\grafana\data\log
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Path Plugins" path=C:\grafana\data\plugins
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Path Provisioning" path=C:\grafana\conf\provisioning
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="App mode production"
logger=sqlstore t=2022-04-28T19:06:20.13+0200 lvl=info msg="Connecting to DB" dbtype=mysql
logger=migrator t=2022-04-28T19:06:20.18+0200 lvl=info msg="Starting DB migrations"
logger=migrator t=2022-04-28T19:06:20.19+0200 lvl=info msg="migrations completed" performed=0 skipped=461 duration=1.6381ms
logger=licensing t=2022-04-28T19:06:20.19+0200 lvl=info msg="Validated license token" appURL=https://grafana.domain.ch:3000/ source=disk status=NotFound
logger=grafanaStorageLogger t=2022-04-28T19:06:20.19+0200 lvl=warn msg="error loading storage" prefix=public-static err="open blob.Bucket: parse \"file://C:\\\\grafana\\\\public\": invalid port \":\\\\grafana\\\\public\" after host"
logger=plugin.manager t=2022-04-28T19:06:20.39+0200 lvl=info msg="Plugin registered" pluginId=input
logger=plugin.finder t=2022-04-28T19:06:20.39+0200 lvl=warn msg="Skipping finding plugins as directory does not exist" path=C:\grafana\data\plugins
logger=query_data t=2022-04-28T19:06:20.41+0200 lvl=info msg="Query Service initialization"
logger=live.push_http t=2022-04-28T19:06:20.42+0200 lvl=info msg="Live Push Gateway initialization"
logger=grafanaStorageLogger t=2022-04-28T19:06:20.51+0200 lvl=info msg="storage starting"
logger=report t=2022-04-28T19:06:20.51+0200 lvl=warn msg="Scheduling and sending of reports disabled, SMTP is not configured and enabled. Configure SMTP to enable."
logger=http.server t=2022-04-28T19:06:20.52+0200 lvl=info msg="HTTP Server Listen" address=[::]:3000 protocol=http subUrl= socket=
I am genuinely quite confused as to why the certificates are not even loaded an
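
The log above requests `GF_SERVER_PROTOCOL=HTTPS` but its last line reports `protocol=http`, so a TLS client is talking to a plain-HTTP listener. The following is an added example, not part of the original post or Grafana's code, that checks a startup log for this mismatch; the sample lines are constructed in the log's format and the function name `audit_startup_log` is hypothetical.

```python
import re

# Constructed sample: three lines in the format of the startup log above.
SAMPLE_LOG = r'''
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SERVER_PROTOCOL=HTTPS"
logger=settings t=2022-04-28T19:06:20.13+0200 lvl=info msg="Config overridden from Environment variable" var="GF_SECURITY_COOKIE_SECURE=true"
logger=http.server t=2022-04-28T19:06:20.52+0200 lvl=info msg="HTTP Server Listen" address=[::]:3000 protocol=http subUrl= socket=
'''

# Values listed in the config comment on the page: "Protocol (http, https, h2, socket)".
DOCUMENTED_PROTOCOLS = {"http", "https", "h2", "socket"}

OVERRIDE_RE = re.compile(
    r'msg="Config overridden from Environment variable" var="(GF_[A-Z0-9_]+)=(.*)"\s*$')
LISTEN_RE = re.compile(r'msg="HTTP Server Listen" address=(\S+) protocol=(\S+)')


def audit_startup_log(text):
    """Return (env_overrides, effective_protocol, findings) for one startup log."""
    env, effective, findings = {}, None, []
    for line in text.splitlines():
        m = OVERRIDE_RE.search(line)
        if m:
            env[m.group(1)] = m.group(2)   # what the operator asked for
            continue
        m = LISTEN_RE.search(line)
        if m:
            effective = m.group(2)         # what the server actually bound
    requested = env.get("GF_SERVER_PROTOCOL")
    if requested is not None and requested not in DOCUMENTED_PROTOCOLS:
        findings.append(f"GF_SERVER_PROTOCOL={requested!r} is not an exact match "
                        f"for any of {sorted(DOCUMENTED_PROTOCOLS)}")
    if requested and effective and requested.lower() != effective:
        findings.append(f"requested {requested!r} but listener reports protocol={effective}")
    if effective == "http" and env.get("GF_SECURITY_COOKIE_SECURE", "").lower() == "true":
        findings.append("listener is plain http while GF_SECURITY_COOKIE_SECURE=true")
    if effective is None:
        findings.append("no 'HTTP Server Listen' line found")
    return env, effective, findings


if __name__ == "__main__":
    _, proto, problems = audit_startup_log(SAMPLE_LOG)
    print("effective protocol:", proto)
    for p in problems:
        print("FINDING:", p)
```
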