Https on OpenHistorian web?

Hi guys

It has been mentioned to me here when logging onto the OpenHistorian website that it is using http and not https. I tried changing the WebHostURL value in the config file to https, but that didn’t work.

As I am not a web programmer, is there somewhere else I need to look in the configuration to be able to use the website (and Grafana) using https?

Copying this from our internal documentation.


Adding SSL to self hosted web applications:

Add SSL:
netsh http add sslcert ipport=[::0]:8181 appid={0ef0b9ad-9030-40ec-9dad-05b778299e29} certhash=8a34f61b4c638709e1373d221ac1d0d6926e0130
netsh http add sslcert ipport=0.0.0.0:8181 appid={0ef0b9ad-9030-40ec-9dad-05b778299e29} certhash=8a34f61b4c638709e1373d221ac1d0d6926e0130

Where:
· appID = [assembly: Guid("value")] from AssemblyInfo.cs
· certhash = "Thumbprint" from certificate details with no spaces

** Note that certificate must be installed to Local Computer / Personal / Certificates in order for it to be associated with self-hosted web port.

Remove SSL:
netsh http delete sslcert ipport=[::0]:8181
netsh http delete sslcert ipport=0.0.0.0:8181

Update host.exe.config file:
<add name="WebHostURL" value="https://+:8181" description="The web hosting URL for remote system management." encrypted="false" />
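
A pre-flight check for the binding steps above, as an added example that is not part of the original post or of openHistorian. It confirms the certificate is in Local Computer / Personal and carries a private key before `netsh http add sslcert` is run; the function name `Test-BindingCertificate` is hypothetical, and the thumbprint and port are the ones shown in the post.

```powershell
# Added example: verify the certificate before binding it to the self-hosted port.
# Thumbprint and port are the values from the post above; substitute your own.
$thumbprint = '8a34f61b4c638709e1373d221ac1d0d6926e0130'
$port       = 8181

function Test-BindingCertificate {   # hypothetical helper name
    param([string]$Thumbprint)

    # netsh wants the thumbprint with no spaces. Text copied from the certificate
    # dialog can also carry invisible characters, so keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint should be 40 hex characters, got $($clean.Length)."
    }

    # The certificate must live in Local Computer / Personal (LocalMachine\My).
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate $clean in Cert:\LocalMachine\My."
    }

    # A certificate imported from a .cer file has no private key, and a
    # certificate without a private key cannot serve TLS on the bound port.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no private key; import a PFX that includes it."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $clean expired on $($cert.NotAfter)."
    }
    return $cert
}

$cert = Test-BindingCertificate -Thumbprint $thumbprint
'OK: {0} (expires {1:yyyy-MM-dd})' -f $cert.Subject, $cert.NotAfter

# Show what is currently bound to the port for both address families.
netsh http show sslcert "ipport=0.0.0.0:$port"
netsh http show sslcert "ipport=[::0]:$port"
```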

Thanks Stephen.
I added the cer files to the Personal keystore and then issued the command above and got an error.

After some googling, apparently the error was due to there being no private key, which is correct. I then used makecert to make a PFX file as outlined by yourself in an earlier post I made about subscriptions. This did have a private key and I was able to add it to the personal store with the command above.

The issue I am having is I export the certificate from this to the openhistorian folder using this command

Then start the OpenHistorian Service. The service just overwrites this file so the private key is missing again!

Any suggestions on what I am doing wrong?

Could be that there are two certificates with the same name, i.e., openHistorian, and when the service runs it looks up the original one. There are key stores per user, including one for the default openHistorian service user called NT SERVICE\openHistorian. Could just use a different name for the certificate?

Hi Ritchie
I made one with a different name and same problem. I did however get it to work after I issued this command

netsh http add urlacl url=https://+:8181/ user=Everyone

The next problem is configuring Grafana to also work via https. I cannot get it working with the same certificate as it is also asking for a key/pem file. I am assuming because Grafana is developed on Linux I will need to use the OpenSSL tool for Windows to generate files that Grafana can use. Going through that procedure now.

Hi,

I am having trouble getting Grafana to work under https via the OpenHistorian web.
I can login and view https pages under OpenHistorian now, if I choose the Grafana option I just get a waiting for localhost… message and it just sits there.

If I uncomment the root_url line in the Grafana config file custom.ini, and start Grafana up manually, then I can see pages (but with a lot of unauthorized boxes popping up), so I know it works, I just can’t get it to work with OpenHistorian pass through.

OpenHistorian is set up to start at https://localhost:8181

If I start up Grafana manually and leave the root_url line in, I get this, so I know it's connecting somewhat.

Any ideas on this?

[server]
# Protocol (http, https, socket)
protocol = https

# The ip address to bind to, empty will bind to all interfaces
http_addr = 127.0.0.1

# The http port to use
http_port = 8181

# The public facing domain name used to access grafana from a browser
domain = localhost
;domain = localhost:8181

# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
enforce_domain = false

# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = https://${HOSTNAME}:8181/grafana/
;root_url = https://localhost:8181/grafana/

# Log web requests
;router_logging = false

# the path relative working path
;static_root_path = public

# enable gzip
enable_gzip = true

# https certs & key file
cert_file = Noja-063-3-1.crt
cert_key = Noja-063-3-1.pem

# Unix socket path
;socket =

Since the embedded instance of Grafana is being served through openHistorian as a reverse proxy, I would expect you would not need to change any values inside the Grafana configuration, i.e., leave the internal instance of Grafana alone and not using https - this is OK since the default configuration is bound to localhost and not accessible off machine nor usable outside of openHistorian, i.e., trying to directly browse to a Grafana instance locally set up for reverse proxy will not work properly. Then since you have secured openHistorian traffic you will necessarily have also secured Grafana traffic.

Now if you are hosting an external instance of Grafana, then you would need to change configuration settings as recommended above.

I will set up local https here to see if I can gain any insight for you…

Ritchie

FYI - Grafana hosted through openHistorian reverse proxy with SSL enabled worked fine for me.

I’ve created a better set of instructions on the openHistorian GitHub Wiki:

Thanks!
Ritchie

Thanks Ritchie! I was able to get https working with OpenHistorian no problem following that guide. I am still unable to get Grafana working with the default custom.ini file though. I just get a waiting for localhost status bar for a minute, then I get a blank screen as shown here.

I did have a look in the Grafana log file and it seems to be starting ok.

t=2019-08-05T11:57:38+1000 lvl=warn msg="[Removed] Session setting was removed in v6.2, use remote_cache option instead" logger=settings
t=2019-08-05T11:57:38+1000 lvl=info msg="Starting Grafana" logger=server version=6.2.5 commit=6082d19 branch=HEAD compiled=2019-06-26T03:56:19+1000
t=2019-08-05T11:57:38+1000 lvl=info msg="Config loaded from" logger=settings file="C:\\Program Files\\openHistorian\\Grafana/conf/defaults.ini"
t=2019-08-05T11:57:38+1000 lvl=info msg="Config loaded from" logger=settings file="C:\\Program Files\\openHistorian\\Grafana\\conf\\custom.ini"
t=2019-08-05T11:57:38+1000 lvl=info msg="Path Home" logger=settings path="C:\\Program Files\\openHistorian\\Grafana"
t=2019-08-05T11:57:38+1000 lvl=info msg="Path Data" logger=settings path="C:\\Program Files\\openHistorian\\Grafana\\data"
t=2019-08-05T11:57:38+1000 lvl=info msg="Path Logs" logger=settings path="C:\\Program Files\\openHistorian\\Grafana\\data\\log"
t=2019-08-05T11:57:38+1000 lvl=info msg="Path Plugins" logger=settings path="C:\\Program Files\\openHistorian\\Grafana\\data\\plugins"
t=2019-08-05T11:57:38+1000 lvl=info msg="Path Provisioning" logger=settings path="C:\\Program Files\\openHistorian\\Grafana\\conf\\provisioning"
t=2019-08-05T11:57:38+1000 lvl=info msg="App mode production" logger=settings
t=2019-08-05T11:57:38+1000 lvl=info msg="Initializing SqlStore" logger=server
t=2019-08-05T11:57:38+1000 lvl=info msg="Connecting to DB" logger=sqlstore dbtype=sqlite3
t=2019-08-05T11:57:38+1000 lvl=info msg="Starting DB migration" logger=migrator
t=2019-08-05T11:57:38+1000 lvl=info msg="Initializing HTTPServer" logger=server
t=2019-08-05T11:57:39+1000 lvl=info msg="Initializing InternalMetricsService" logger=server
t=2019-08-05T11:57:39+1000 lvl=info msg="Initializing RemoteCache" logger=server
t=2019-08-05T11:57:39+1000 lvl=info msg="Initializing QuotaService" logger=server
t=2019-08-05T11:57:39+1000 lvl=info msg="Initializing LoginService" logger=server
t=2019-08-05T11:57:39+1000 lvl=info msg="Initializing PluginManager" logger=server
t=2019-08-05T11:57:39+1000 lvl=info msg="Starting plugin search" logger=plugins
t=2019-08-05T11:57:45+1000 lvl=info msg="Registering plugin" logger=plugins name=openHistorian
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing RenderingService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing AlertingService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing DatasourceCacheService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing HooksService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing SearchService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing ServerLockService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing TracingService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing UsageStatsService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing UserAuthTokenService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing CleanUpService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing NotificationService" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing provisioningServiceImpl" logger=server
t=2019-08-05T11:57:45+1000 lvl=info msg="Initializing Stream Manager"
t=2019-08-05T11:57:45+1000 lvl=info msg="HTTP Server Listen" logger=http.server address=127.0.0.1:8185 protocol=http subUrl=/grafana socket=

Would it help if you supply me the config file you are using? I have also tried the latest version of Grafana 6.2.5 with the same issue. Just for the sake of testing, I did try altering the custom.ini file with combinations of http/https/8180/8181 but nothing worked.

Ok I have it working now with https. Seems I also changed the “HostedURL” setting to port 8181 as well in the config file. Putting that back to 8185 fixed the issue.
Thanks for all your help!
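
The layout this thread ended on (openHistorian terminating TLS on 8181, the embedded Grafana on plain HTTP at 127.0.0.1:8185 behind it), expressed as a consistency check. This is an added example, not part of any post and not openHistorian code; the function names are hypothetical, the `http://localhost:8185` form of the HostedURL value is an assumption, and the ini text is a constructed sample.

```powershell
# Added example. Sample values are constructed from figures quoted in the thread.
$webHostUrl = 'https://+:8181'          # openHistorian WebHostURL, as in the thread
$hostedUrl  = 'http://localhost:8185'   # assumed form of the HostedURL setting
$grafanaIni = @'
[server]
protocol = http
http_addr = 127.0.0.1
http_port = 8185
'@

function Get-IniSection {               # hypothetical helper: active keys of one section
    param([string]$Text, [string]$Section)
    $values = @{}
    $current = ''
    foreach ($line in $Text -split "`r?`n") {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
        if ($current -ne $Section -or $line -match '^[;#]' -or $line -eq '') { continue }
        $key, $value = $line -split '=', 2
        if ($null -ne $value) { $values[$key.Trim()] = $value.Trim() }
    }
    return $values
}

function Test-GrafanaProxyConfig {      # hypothetical helper: lists mismatches
    param([string]$WebHostUrl, [string]$HostedUrl, [string]$IniText)
    $server   = Get-IniSection -Text $IniText -Section 'server'
    $frontend = [uri]($WebHostUrl -replace '\+', 'localhost')  # '+' is the HTTP.sys wildcard host
    $backend  = [uri]$HostedUrl
    $problems = @()
    if ($backend.Port -eq $frontend.Port) {
        $problems += "HostedURL points at the openHistorian port $($frontend.Port)."
    }
    if ([int]$server['http_port'] -ne $backend.Port) {
        $problems += "Grafana listens on $($server['http_port']) but HostedURL uses $($backend.Port)."
    }
    if ($server['protocol'] -ne $backend.Scheme) {
        $problems += "Grafana protocol '$($server['protocol'])' differs from HostedURL scheme '$($backend.Scheme)'."
    }
    if ($server['http_addr'] -notin '127.0.0.1', 'localhost', '::1') {
        $problems += 'Grafana is not bound to loopback, so its plain HTTP port is reachable off machine.'
    }
    return $problems
}

# Working layout: returns nothing.
Test-GrafanaProxyConfig -WebHostUrl $webHostUrl -HostedUrl $hostedUrl -IniText $grafanaIni
# The state described in the last post: HostedURL moved to 8181.
Test-GrafanaProxyConfig -WebHostUrl $webHostUrl -HostedUrl 'http://localhost:8181' -IniText $grafanaIni
```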