Grafana® - Tutorial: Expose Grafana® to the Internet via NGINX – Support Guides

Learn how to expose your managed Grafana® to the internet through the configuration of an NGINX instance in reverse proxy mode.

Managed Databases (also called Cloud Databases) can be deployed over a public network (internet) or private network. When using a private network, you don't have access by default to monitoring tools we provide as a service, like Cloud Databases for Grafana® (metrics) or OpenSearch (logs).¹

Schema concept:

NOTE: OVHcloud provides services for which you are responsible, with regard to their configuration and management. It is therefore your responsibility to ensure that they function correctly.
This guide is designed to assist you in common tasks as much as possible.

Requirements

a Public Cloud project in your OVHcloud account
access to the OVHcloud Control Panel
a Grafana® database running on your OVHcloud Public Cloud project (this guide can help you meet this requirement)

If you need more details on the private network configuration use this guide.

Instructions

Create a new instance in your vRack

This guide can help you to create a new instance in your vRack.

For this tutorial, we will use an Ubuntu 22.10 image to install NGINX.

Log in to your OVHcloud Control Panel and create a new compute instance in your vRack. If you need to expose your Reverse Proxy to a public network, please select the IP Floating address option.

Install NGINX

Once you have access to your new instance, update your system and install NGINX:

sudo apt update
sudo apt full-upgrade
sudo apt install nginx

Check if your NGINX service is installed and running correctly:

sudo systemctl status nginx

Configure NGINX

Regarding the NGINX configuration, we are going to follow the official Grafana® documentation.

Create a configuration file in the /etc/nginx/sites-enabled/ file:

# this is required to proxy Grafana Live WebSocket connections.
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

# this is upstream grafana. You can use dns name
upstream grafana {
  server your-grafana-12345abc-12345abc.database.cloud.ovh.us:443;
}

server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/your_certificate.crt;
  ssl_certificate_key /etc/nginx/ssl/your_certificate.key;

  location / {
    proxy_set_header Host $http_host;
    proxy_pass https://grafana;
  }

  # Proxy Grafana Live WebSocket connections.
  location /api/live/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $http_host;
    proxy_pass https://grafana;
  }
}

Be careful, replace the hostname of the Grafana® server your-grafana-12345abc-12345abc.database.cloud.ovh.us:443 with your own.

Also, update the certificates and SSL key. If necessary, you can create them for testing purposes or in a non-productive environment using the following commands:

sudo mkdir /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/your_certificate.key -out /etc/nginx/ssl/your_certificate.crt

Finally, reload NGINX.

sudo systemctl reload nginx

Now the NGNIX is configured in reverse proxy mode.

IP Packet forwarding

To redirect traffic from your Public IP to your Private IP, uncomment the following line in /etc/sysctl.conf to enable packet forwarding for IPv4:

net.ipv4.ip_forward=1

Then force the system to reload the kernel variables:

sudo sysctl -p

Connect to your managed Grafana®

Connect to your https reverse proxy server with your browser (accept the SSL certificate if needed). You do have now access to your predefined or customized dashboards.

Go further

For more information and tutorials, please see our other Cloud Databases support guides or explore the guides for other OVHcloud products and services.

[1]: The Grafana Labs Marks are trademarks of Grafana Labs, and are used with Grafana Labs’ permission. We are not affiliated with, endorsed or sponsored by Grafana Labs or its affiliates.