Configure SSL for Grafana on Azure

Introduction

The last article in the series “Grafana Installation and Configuration” is about configuring an SSL certificate for Grafana hosted on Azure. If you want to follow us, just read the articles in the given order.

• Getting started with Grafana for Ubuntu in Azure Cloud
• Providing a Domain Name for Grafana service in Azure Cloud
• Reverse Proxy Grafana with Nginx in Azure

So far, we learned how to install and configure ports with domain names for Grafana hosted in Azure Cloud. It is time to learn how to install an SSL certificate and allow users to feel confident via HTTPS.

The value of SSL certificates

SSL certificates offer several valuable benefits for websites.

1. Enhanced Data Security: SSL creates a secure connection using encryption, scrambling information sent between browser and server. This safeguards sensitive data like credit card details, login credentials, and personal information during transmission. Even if intercepted, the data remains unreadable.
2. Boosted Customer Trust: The green padlock icon in browsers with a valid SSL certificate signifies a secure connection. This builds trust with users, making them feel safe entering personal details and engaging in transactions on your website.
3. Improved Search Engine Ranking: Search engines like Google prioritize websites with HTTPS (enabled by SSL) as a ranking factor. An SSL certificate can give your website a slight SEO boost.
4. Protection from Phishing Attacks: SSL certificates issued by trusted authorities validate website ownership. This makes it difficult for imposters to create fake websites that mimic yours, enhancing phishing protection.
5. Compliance with Regulations: Data privacy regulations like GDPR and CCPA emphasize protecting user information. SSL certificates play a role in achieving compliance by encrypting data.
6. Increased Conversion Rates: The combination of enhanced security and user trust can lead to better conversion rates, especially for e-commerce sites where users provide sensitive payment information.

In essence, SSL certificates are valuable for creating a secure environment that fosters trust with users, improves SEO, and protects your website from various security threats.

Installing SSL certificate for Grafana hosted in Azure

There are multiple ways and services to help us get an SSL certificate for our web application. One of them, and my favorite one, is Certbot(https://certbot.eff.org/).

Certbot is a tool that helps you easily obtain and install free HTTPS certificates for your website. It is run from a command line interface and typically requires some familiarity with administering a server. Certbot can be used with a variety of web hosting products and server operating systems.

Here is how to obtain a free SSL certificate from Certbot.

1. Navigate to certbot.eff.org
2. Select Nginx and Ubuntu combination
   

Well, as you already know, we use Ubuntu 22.04 but currently, we have only Ubuntu 20 certification instructions but the same instructions are working on Ubuntu 22 also.

As the instructions say, we need to install snapd but it has already been installed as a built-in command for Ubuntu. Here are our steps to install an SSL certificate for Grafana hosted on Azure.

1. Open Putty and connect to Azure VM ( check our previous tutorials for more information)
2. Run sudo snap install –classic certbot
3. Run sudo ln -s /snap/bin/certbot /usr/bin/certbot
4. Run sudo certbot –nginx
   

When running the sudo certbot –nginx command, you will be asked to enter some information. For recommended domains, select “1” if it matches your domain.

When you open your Grafana configuration (it is mygrafana.cert for us) use cat mygrafana.conf, you should see the following.

It indicates that the file was overridden by Certbot and it should be possible for you to use it. In the case of Azure, we need to do one more configuration and it is inbounding 443 port.

1. Go to portal.azure.com.
2. Select Virtual Machines.
3. Select your Virtual machine.
4. Click on that and go to “network settings”.
5. Select “create port rule” -> “inbound port rule”.
6. Fill in the inputs below.
   

Click the “Add” button and here we are. Now, open your browser and navigate to mygrafana.eastasia.cloudapp.azure.com without a port number.

That is it. It is how we configure SSL certificates for Grafana hosted in Azure.