1.2.15. Set Up HTTPS for Grafana
If you want to limit access to the Grafana to HTTPS connections, you need to provide a certificate. While it is possible to use a self-signed certificate for initial trials, they are not suitable for production environments. After your certificate is in place, you must run a special setup command.
Log on to the host with Grafana.
Browse to the Grafana configuration directory:
cd /etc/ambari-metrics-grafana/conf/Locate your certificate. If you want to create a temporary self-signed certificate, use this as an example:
openssl genrsa -out ams-grafana.key 2048 openssl req -new -key ams-grafana.key -out ams-grafana.csr openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt
Set the ownership and permissions the certification and key files so they will be accessible to Grafana.
chown ams:hadoop ams-grafana.crt chown ams:hadoop ams-grafana.key chmod 400 ams-grafana.crt chmod 400 ams-grafana.key
In Ambari Web, browse to Services > Ambari Metrics > Configs.
Update the following properties:
Section Property Value Advanced ams-grafana-ini
protocol
https
Advanced ams-grafana-ini
cert_file
/etc/ambari-metrics-grafana/conf/ams-grafana.crt
Advanced ams-grafana-ini
cert-Key
/etc/ambari-metrics-grafana/conf/ams-grafana.key
Save the configuration and restart the services as prompted.