Managed Service for Grafana enables mapping your workspace to a custom public domain, satisfying the requirement for individuals or businesses to use a unified domain.
This feature is only available in the Pro Edition and Advanced Edition. If you are using the Developer Edition, you need to change the edition. Log on to the Managed Service for Grafana console, navigate to the target workspace, click Upgrade next to Edition in the Basic Information section of the Workspace Information page, and then upgrade the workspace to the Pro Edition or Advanced Edition on the page that appears.
Custom public domain names become unavailable once public domains are deactivated.
Prerequisites
A public or private domain name has been registered and completed real-name verification. This topic uses Public Authoritative DNS Resolution as an example to walk you through adding a DNS record. For more information, see Public Authoritative DNS Resolution.
Step 1: Add a DNS record
Public domain name
Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, choose Public DNS Resolution > Authoritative DNS Resolution.
On the Authoritative DNS Resolution page, find the domain name and click DNS Settings in the Actions column.
On the DNS Settings tab, click Add DNS Record. In the dialog box that appears, set the parameters and click OK. The following table describes the key parameters.
Parameter
Description
Record Type
Select CNAME to point your domain to another domain.
Record Value
Enter the record value as the default domain name of the Grafana workspace.
Set other parameters based on your needs. For more information, see Add a DNS record.
Private domain name
Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, click Private DNS (PrivateZone).
On the Private DNS (PrivateZone) page, choose Configuration Mode in the upper-right corner, and then click the Built-in Authoritative Module tab.
On the User Defined Zones tab, click Add New Zone tab. In the panel that appears, set the Built-in Authoritative Zone parameter, keep other parameters default, and then click OK.
Set other parameters based on your needs. For more information, see Add a built-in authoritative zone.
Find the domain name and click Resource Records Settings in the Actions column. On the Resource Records Settings tab, click Add Record.
In the Add Record panel, choose Form Editor Mode, set the parameters, and then click OK. The following table describes the key parameters.
Parameter
Description
Record Type
Select CNAME to point your domain to another domain.
Hostname
Enter @.
Record Value
Enter the record value as the default domain name of the Grafana workspace.
Set other parameters based on your needs. For more information, see Form editor mode.
NoteBesides Form Editor Mode, you can also use Visual Editor Mode. For more information about Visual Editor Mode, see Visual editor mode.
Step 2: Add a custom public domain name
Log on to the ARMS console. In the left-side navigation pane, choose .
On the Workspace Management page, click the ID of the workspace that you want to manage.
In the left-side navigation pane, click Domain Name Management.
On the Domain Name Management page, click the Custom Public Domain Name tab.
Click Add Custom Public Domain Name. In the dialog box that appears, set the following parameters and click OK.
Parameter
Description
Domain Name
The domain name that has completed Internet Content Provider (ICP) filing. Example: example.com.
Network Protocol
The protocol type displayed on the Workspace Information page.
Certificate Type
If the Network Protocol parameter is set to HTTPS, the certificate type is required.
Alibaba Cloud SSL Certificate: Select an Alibaba Cloud SSL certificate from the Certificate Name drop-down list.
Upload: Manually enter the Privacy-Enhanced Mail (PEM) certificate content and key.
NoteIf you do not want to upload the certificate to Alibaba Cloud, you can configure an NGINX reverse proxy. For more information, see Configure an NGINX reverse proxy.
Certificate Name
Select the target Alibaba Cloud SSL certificate.
PEM Certificate Content
Enter the PEM certificate content. The PEM certificate content must begin with
-----BEGIN CERTIFICATE-----and end with-----END CERTIFICATE-----.PEM Certificate Key
Enter the PEM certificate key. The key must begin with
-----BEGIN RSA PRIVATE KEY-----and end with-----END RSA PRIVATE KEY-----.Route Settings
Specify the default subpath of the Grafana workspace. In general cases, we recommend that you use
/in the subpath. For example:If configured as
/, the Grafana workspace address ishttps://[Grafana Workspace ID].grafana.aliyuncs.com/.If configured as
/mypath, the Grafana workspace address ishttps://[Grafana Workspace ID].grafana.aliyuncs.com/mypath/.
(Optional) Step 3: Configure a network whitelist
To restrict Grafana service access to specific users within a corporate intranet or VPC, configure a whitelist on the Whitelist and Security Group page by source IP address. For more information, see Configure a public IP address whitelist.
Configure an NGINX reverse proxy
If you do not want to upload the certificate to Alibaba Cloud, you can configure an NGINX reverse proxy.
Apply the following NGINX reverse proxy configurations:
location / { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass https://g-xxxxxxxxxxxxx.grafana.aliyuncs.com; //Replace the proxy_pass value with the actual Grafana workspace address. }Check if the Grafana service is accessible through the proxy.