For additional security, I want to implement TLS mutual authentication in Grafana. Can we add this organization certificate directly in the Grafana configuration file (grafana.ini) or do we need to install it in proxy servers like NGINX or Apache?
Yes, it should, you should move the TLS configuration to nginx instead of Grafana when doing so. Grafana has an “Auth Proxy” authentication option which can be useful when you set up it behind a reverse proxy, but make sure to configure it to only listen to your reverse proxy when using it.