When your organization requires a branded or unified URL for Grafana dashboards, you can map a custom domain to your Managed Service for Grafana workspace. After setup, your team accesses Grafana through your own domain instead of the default system-assigned address.
Custom public domain names require the Pro Edition or Advanced Edition. If your workspace runs the Developer Edition, upgrade first: go to the ARMS console, open the target workspace, and click Upgrade next to Edition in the Basic Information section of the Workspace Information page.
How it works
Setting up a custom domain involves three steps:
Create a CNAME record in DNS that points your domain to the workspace's default address.
Register the domain in the Managed Service for Grafana console and configure the protocol, certificate, and route.
(Optional) Restrict access by adding source IP addresses to a network whitelist.
Prerequisites
Before you begin, make sure you have:
A registered public or private domain name with completed real-name verification (see Public Authoritative DNS Resolution)
Access to the Alibaba Cloud DNS console to manage DNS records
The default domain name of your Grafana workspace (found on the Workspace Information page)
(For HTTPS) An SSL certificate that matches your domain -- either an Alibaba Cloud SSL certificate or a PEM-encoded certificate and private key
Step 1: Add a CNAME record in DNS
Point your custom domain to the Grafana workspace's default domain by adding a CNAME record. The steps differ depending on whether you use a public or private domain.
Public domain
Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, choose Public DNS Resolution > Authoritative DNS Resolution.
On the Authoritative DNS Resolution page, find your domain and click DNS Settings in the Actions column.
On the DNS Settings tab, click Add DNS Record and configure the following parameters: For other parameters, see Add a DNS record.
Parameter Value Record Type Select CNAME Record Value Enter the default domain name of your Grafana workspace
Private domain
Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, click Private DNS (PrivateZone).
On the Private DNS (PrivateZone) page, choose Configuration Mode in the upper-right corner, and then click the Built-in Authoritative Module tab.
On the User Defined Zones tab, click Add New Zone. In the panel that appears, set the Built-in Authoritative Zone parameter, keep other parameters at their defaults, and click OK. For details, see Add a built-in authoritative zone.
Find the domain and click Resource Records Settings in the Actions column. On the Resource Records Settings tab, click Add Record.
In the Add Record panel, choose Form Editor Mode and configure the following parameters: For other parameters, see Form editor mode.
Parameter Value Record Type Select CNAME Hostname Enter @Record Value Enter the default domain name of your Grafana workspace
You can also use Visual Editor Mode instead of Form Editor Mode. For details, see Visual editor mode.
Step 2: Register the custom domain in the console
After the DNS record is in place, register the domain in the Managed Service for Grafana console.
Custom public domain names become unavailable if public network access is deactivated for the workspace.
Log on to the ARMS console. In the left-side navigation pane, choose Managed Service for Grafana > Workspace Management.
On the Workspace Management page, click the ID of the workspace that you want to manage.
In the left-side navigation pane, click Domain Name Management.
On the Domain Name Management page, click the Custom Public Domain Name tab.
Click Add Custom Public Domain Name. In the dialog box that appears, configure the following parameters and click OK.
Parameter Description Domain Name The domain name that has completed Internet Content Provider (ICP) filing. Example: example.comNetwork Protocol The protocol type displayed on the Workspace Information page Certificate Type Required when Network Protocol is set to HTTPS. Select one of the following options: Alibaba Cloud SSL Certificate -- select a certificate from the Certificate Name drop-down list. Upload -- manually enter the PEM certificate content and key Certificate Name Select the target Alibaba Cloud SSL certificate PEM Certificate Content The PEM-encoded certificate. Must begin with -----BEGIN CERTIFICATE-----and end with-----END CERTIFICATE-----PEM Certificate Key The PEM-encoded private key. Must begin with -----BEGIN RSA PRIVATE KEY-----and end with-----END RSA PRIVATE KEY-----Route Settings The default subpath of the Grafana workspace. Use /in most cases. Examples:/maps tohttps://<Grafana-Workspace-ID>.grafana.aliyuncs.com/./mypathmaps tohttps://<Grafana-Workspace-ID>.grafana.aliyuncs.com/mypath/
If you prefer not to upload your certificate to Alibaba Cloud, set up an NGINX reverse proxy instead. See Alternative: Use an NGINX reverse proxy.
(Optional) Step 3: Configure a network whitelist
To restrict Grafana access to specific users within a corporate intranet or VPC, add source IP addresses to a whitelist on the Whitelist and Security Group page. For details, see Configure a public IP address whitelist.
Alternative: Use an NGINX reverse proxy
If you prefer to terminate TLS locally rather than uploading your certificate to Alibaba Cloud, set up an NGINX reverse proxy to forward traffic to the Grafana workspace.
Apply the following NGINX reverse proxy configuration. Replace
g-xxxxxxxxxxxxx.grafana.aliyuncs.comwith your actual Grafana workspace address.location / { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass https://g-xxxxxxxxxxxxx.grafana.aliyuncs.com; }Verify that the Grafana workspace is accessible through your custom domain.