Using HTTPS to access openHistorian web pages / grafana

Hello,

I have a problem with the https configuration of the web connection to OpenHistorian and Grafana.
One of our architectural rules requires (without any possible derogation) that all thin client flows must be encrypted in https.
Based on the following two pages:



I tried to make this configuration.
  • I generated a self-signed certificate (initially for testing, I’ll use a domain approve certificate in a second time if the test is OK) which I inserted into the Windows keystore as indicated. I then ran the three command lines (with the value 47da5d86-14a1-4f75-a5ad-c16928650522 for the service host GUID of openHistorian 2.8.132).
  • I then modified the openHistorian.exe.Config file to modify the following line:
  • Finally I modified the Custom.ini file of Grafana by modifying the following line:
    root_url = https://$HOSTNAME}:8181/grafana/

I am able to connect to the URL http://@IP:8181 and authenticate myself. However on this page the system health information list is ‘loading’ indefinitely. Same for the list of devices which is not displayed. At the level of the ‘trend/export’ page the measurements are not displayed either… The Web pages do not seem able to retrieve the information from the server/service.

In the OpenHistorian console I have this error :
image
and same message with port 6152.

When I try to access Grafana, I have a black page telling me that the application could not be loaded (I am using version 8.1.2 of Grafana which I have copied/pasted above the 7.3 installed by default with OpenHistorian version 2.8.132). This version 8.1.2 works very well in http.

I then uninstalled the 2.8.132 version of openhistorian and install the 2.8.52 that I was using 'till today ; but issues are the same.

Is there something I’m missing from the procedure clearly detailed in the second link I mentioned (evolution of the application, other options to consider?).
The possibility of being able to use HTTPS or not will be decisive in the production of the planned infrastructure.

Thanks by advance,

Regards

Did you change the user account for which the openHistorian is running? The default is NT SERVICE\openHistorian - this user needs “rights” to all HTTP or HTTPS ports.

For example:

netsh http add urlacl url=http://+:6151/ user=MyDomain\MyOHUser

Note that if an existing reservation exists, you cannot add or change this without removing first:

netsh http delete urlacl url=http://+:6151/

The installer typically sets all these up automatically when it asks for the service account.

Hello Ritchie,

Thanks for your quick reply.
I’ve put the log on user for the service on :
image
The 2 issues on port access 6151 and 6152 are resolved.

I tested again with openHistorian version 2.8.52, starting with the HTTP version of Grafana access (the by default one), and found something that might be interesting:
As I use a self-signed certificate which is no longer accepted by Edge, I switched during my tests to HTTPS by IE11 (which allows to bypass the alert message on certificate, and to access the targeted site). But it turns out that I get the same error message with IE11 to access Grafana even to access it in http on port 8080.

This reverse_proxy error message would therefore be more due to an incompatibility of Grafana 8.1.2 with IE11 than an HTTPS configuration problem.

I will get a certificate signed by my domain’s CA and then run the tests again with Edge.

Regards

I have just tried a workaround using Firefox, which allows both to bypass the warning message on ciphers based on self-signed certificates and to make the Grafana client work correctly.
It turns out that indeed Grafana therefore works well in HTTPS by following the protocol detailed in the Wiki page of the GIT.

So I think it will work under Edge with the certificate recognized by trusted CAs.

Thanks for the responses provided.

Regards

Edit : in Grafana I’ve add a button that allow to download some datas from the historian ; using the OH data download control

In https, it doesn’t work : Firefox can’t establish a connection to the server at wss://aaaa.bbbb.cccc.dddd:8181/grafana/api/live/ws
Is there another parameter to config in order to make it work ?

Edit2 : I change the link in the parameters off the control. Still not working with firefox but it may be due to firefox itself and not the https configuration. I’ll try with the final configuration using a trusted certificate and Edge ; and report here if it’s finally don’t work.