Learn how to expose your managed Grafana® to the internet through the configuration of an NGINX instance in reverse proxy mode.
Managed Databases (also called Cloud Databases) can be deployed over a public network (internet) or private network. When using a private network, you don't have access by default to monitoring tools we provide as a service, like Cloud Databases for Grafana® (metrics) or OpenSearch (logs).1
Schema concept:
This guide is designed to assist you in common tasks as much as possible.
Requirements
- a Public Cloud project in your OVHcloud account
- access to the OVHcloud Control Panel
- a Grafana® database running on your OVHcloud Public Cloud project (this guide can help you meet this requirement)
Instructions
Create a new instance in your vRack
For this tutorial, we will use an Ubuntu 22.10 image to install NGINX.
Log in to your OVHcloud Control Panel and create a new compute instance in your vRack. If you need to expose your Reverse Proxy to a public network, please select the IP Floating address option.
Install NGINX
Once you have access to your new instance, update your system and install NGINX:
sudo apt update sudo apt full-upgrade sudo apt install nginx
Check if your NGINX service is installed and running correctly:
sudo systemctl status nginx
Configure NGINX
Regarding the NGINX configuration, we are going to follow the official Grafana® documentation.
Create a configuration file in the /etc/nginx/sites-enabled/
file:
# this is required to proxy Grafana Live WebSocket connections. map $http_upgrade $connection_upgrade { default upgrade; '' close; } # this is upstream grafana. You can use dns name upstream grafana { server your-grafana-12345abc-12345abc.database.cloud.ovh.us:443; } server { listen 443 ssl; ssl_certificate /etc/nginx/ssl/your_certificate.crt; ssl_certificate_key /etc/nginx/ssl/your_certificate.key; location / { proxy_set_header Host $http_host; proxy_pass https://grafana; } # Proxy Grafana Live WebSocket connections. location /api/live/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $http_host; proxy_pass https://grafana; } }
Be careful, replace the hostname of the Grafana® server your-grafana-12345abc-12345abc.database.cloud.ovh.us:443 with your own.
Also, update the certificates and SSL key. If necessary, you can create them for testing purposes or in a non-productive environment using the following commands:
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/your_certificate.key -out /etc/nginx/ssl/your_certificate.crt
Finally, reload NGINX.
sudo systemctl reload nginx
Now the NGNIX is configured in reverse proxy mode.
IP Packet forwarding
To redirect traffic from your Public IP to your Private IP, uncomment the following line in /etc/sysctl.conf
to enable packet forwarding for IPv4:
net.ipv4.ip_forward=1
Then force the system to reload the kernel variables:
sudo sysctl -p
Connect to your managed Grafana®
Connect to your https reverse proxy server with your browser (accept the SSL certificate if needed). You do have now access to your predefined or customized dashboards.
Go further
For more information and tutorials, please see our other Cloud Databases support guides or explore the guides for other OVHcloud products and services.
[1]: The Grafana Labs Marks are trademarks of Grafana Labs, and are used with Grafana Labs’ permission. We are not affiliated with, endorsed or sponsored by Grafana Labs or its affiliates.