安装
# 下载并安装(以 CentOS/RHEL 为例)
sudo yum install -y wget
wget https://dl.grafana.com/oss/release/grafana-11.2.3-1.x86_64.rpm
sudo yum localinstall -y grafana-11.2.3-1.x86_64.rpm
初始化安全配置
开机自启动设置
sudo systemctl daemon-reload
sudo systemctl enable --now grafana-server
首次登录改密浏览器访问 http://<服务器IP>:3000默认账号 admin / admin,首次会强制修改密码(≥8 位含大小写+数字+符号)。
开启HTTPS(自签证书)
自签证书
# 1. 生成私钥与证书(有效期 10 年)
sudo mkdir -p /etc/grafana/ssl
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout /etc/grafana/ssl/grafana.key \
-out /etc/grafana/ssl/grafana.crt \
-subj "/C=CN/ST=BJ/L=BJ/O=MyOrg/CN=$(hostname -I | awk '{print $1}')"
# 2. 修改 Grafana 配置
sudo vim /etc/grafana/grafana.ini
配置修改:/etc/grafana/grafana.ini
[server]
protocol = https
http_addr = 0.0.0.0
http_port = 3000
domain = <你的域名或IP>
cert_file = /etc/grafana/ssl/grafana.crt
cert_key = /etc/grafana/ssl/grafana.key
[security]
# 强制强密码策略
disable_gravatar = true
allow_embedding = false
cookie_secure = true
cookie_samesite = strict
Nginx配置
server {
listen 443 ssl;
server_name grafana.example.com; # 换成你的域名或IP
ssl_certificate /etc/grafana/ssl/grafana.crt;
ssl_certificate_key /etc/grafana/ssl/grafana.key;
auth_basic "Grafana Access";
auth_basic_user_file /etc/nginx/auth/grafana.htpasswd;
location / {
proxy_pass https://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
问题
1、配置错误:*.ini 是配置文件,永远不要 source 或直接执行
-bash: app_mode: command not found
-bash: /etc/grafana/grafana.ini: line 10: syntax error near unexpected token `;
-bash: /etc/grafana/grafana.ini: line 10: `;instance_name = ${HOSTNAME}'
重新修改
# 1. 用编辑器改,不要 source/执行
sudo vim /etc/grafana/grafana.ini
# 2. 改完重启服务即可
sudo systemctl restart grafana-server
# 利用 grafana-server 自带校验(非必须)
sudo grafana-server --config /etc/grafana/grafana.ini --config-check
2、测试访问被拒
curl https://127.0.0.1:3000
curl: (7) Failed to connect to 127.0.0.1 port 3000: Connection refused
排查解决
# 检查grafana执行状态
sudo systemctl status grafana-server
# 返回inactive(dead)的话,执行启动命令
sudo systemctl start grafana-server
sudo systemctl enable grafana-server
# 返回fail, 查看grafana执行日志
sudo journalctl -u grafana-server -n 50
# 确认监听地址和端口
sudo netstat -tunlp | grep grafana
# 或
sudo ss -tunlp | grep 3000
# 重启命令
sudo systemctl restart grafana-server
# 本机验证,返回 HTTP/1.1 200 OK则正常
curl -I http://127.0.0.1:3000/login
3、自签证书问题
could not load SSL certificate: open /etc/grafana/ssl/grafana.key: permission denied
修复证书权限
# 让 grafana 用户拥有读取权
sudo chown -R grafana:grafana /etc/grafana/sslsudo
chmod 600 /etc/grafana/ssl/*.keysudo
chmod 644 /etc/grafana/ssl/*.crt
临时注释(先验证HTTP访问)
# 临时注释掉 HTTPS 三行
sudo sed -i 's/^protocol = https/;protocol = https/' /etc/grafana/grafana.ini
sudo sed -i 's/^cert_file =/;cert_file =/' /etc/grafana/grafana.ini
sudo sed -i 's/^cert_key =/;cert_key =/' /etc/grafana/grafana.ini
重启并验证
sudo systemctl daemon-reload
sudo systemctl restart grafana-server
# 看状态
systemctl is-active grafana-server
# 本机测试
curl -I http://127.0.0.1:3000/login
验证无问题,修改grafana.ini,再重启grafana
protocol =
httpscert_file = /etc/grafana/ssl/grafana.crt
cert_key = /etc/grafana/ssl/grafana.key
上一条:Grafana 12.3 新版本发布说明:交互式学习体验、全新日志可视化等精彩功能
下一条:Grafana 12.1 正式发布
沪公网安备31011302006932号