I recently launched a small Grafana server using the Bitnami certified image for AWS located here:
It was a pretty straightforward install and setup process. For my implementation however I needed to ensure our Grafana was using SSL or HTTP for access to Grafana. These commands helped me get that up and running.
Let’s assume at this point you can SSH into your Bitnami Grafana server and can access it via HTTP.
Firs thing you’ll want to do is install the Lego client like this:
cd /tmp curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
As of this writing the latest version is 3.0.2 but you’ll need to make sure you change “v3.0.2” below to use the latest version listed at the Git repo.
tar xf lego_v3.0.2_linux_amd64.tar.gz sudo mkdir -p /opt/bitnami/letsencrypt sudo mv lego /opt/bitnami/letsencrypt/lego
Next you must turn off all Bitnami services via:
sudo /opt/bitnami/ctlscript.sh stop
Now you’re ready to request your SSL certificate. Make sure you change “EMAIL-ADDRESS” and “DOMAIN” to your e-mail and domain name you are creating the certificate for.
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" run
Last thing you need to do is update the Grafana config in /opt/bitnami/grafana/conf. Under the [server] header you’ll want to make sure you change the protocol to “https” and then add the “cert_file” and “cert_key” locations. Make sure to change “DOMAIN” to your domain name.
[server] protocol=https cert_file=/opt/bitnami/letsencrypt/certificates/DOMAIN.crt cert_key=/opt/bitnami/letsencrypt/certificates/DOMAIN.key
After editing the config file, restart the bitnami services and you will now be able to access Grafana via SSL!
sudo /opt/bitnami/ctlscript.sh start