How to bring Grafana in HTTPS and Image Renderer service in HTTP mode

Grafana docker image runs in HTTP mode by defualt. We will bring this up in HTTPS and connect the remote image rendering service to it. GIR (Grafana Image Renderer) is used to render images of dashboards/panels.

This blog compiles many sites I visited to bring this configuration up.

As the first step, we need to create an SSL certificate and a private key to bring Grafana into HTTPS mode.

The following are the openssl commands to do the same.

Create a self-signed certificate and a private key

  1. To generate a private key (run these commands in an empty directory)
$ sudo openssl genrsa -out grafana.key 2048
  1. To generate the certificate
$ sudo openssl req -new -key grafana.key -out /etc/grafana/grafana.csr
  1. To self-sign the certificate with the private key
sudo openssl x509 -req -days 365 -in /etc/grafana/grafana.csr -signkey grafana.key -out grafana.crt
  1. Set appropriate permissions for the files
sudo chmod 400 grafana.key grafana.crt

Create a custom Grafana docker Image

  1. Create a custom.ini file in the same folder with the following code.
[server]
http_addr =
http_port = 3000
domain = localhost
root_url = https://localhost:3000
cert_key = /etc/grafana/grafana.key
cert_file = /etc/grafana/grafana.crt
enforce_domain = False
protocol = https

## This is for connecting grafana to GIR
[rendering]
server_url = http://renderer:8081/render
callback_url = https://grafana:3000/

[log]
filters = rendering:debug
  1. We will create a custom docker image from OSS grafana image. Create a dockerfile with the following content
FROM grafana/grafana:latest


COPY grafana.crt /etc/grafana/grafana.crt
COPY grafana.key /etc/grafana/grafana.key
COPY custom.ini /etc/grafana/grafana.ini
  1. Build the docker Image
docker build -t grafana-custom .

Integrate Grafana w/ GIR

  1. Create a docker-compose file with the following content
version: '2'
services:
  grafana:
    image: my-custom-grafana:latest
    ports:
      - '3000:3000'
    environment:
      - GF_RENDERING_SERVER_URL=https://renderer:8081/render
      - GF_RENDERING_CALLBACK_URL=https://grafana:3000/
      - GF_LOG_FILTERS=rendering:debug
  renderer:
    image: grafana/grafana-image-renderer:latest
    ports:
      - 8081
    environment:
       - GF_RENDERING_IGNORE_HTTPS_ERRORS= true
       - IGNORE_HTTPS_ERRORS=true
  1. And finally, you can run this command to bring everything up
docker-compose up

You are all set now :))) Cheers!

References for troubleshooting