Access from Local Network without Credential

I need to access some Grafana items from internal network without password, but from Internet the same item should be protected with username and password.
Is there a way to perform this?

Many Thanks

Grafana has the Auth Proxy feature that allows you to offload authentication to a reverse proxy like Nginx or something custom built. You could use an auth proxy for your internal users and everyone else would have to log in as normal.

This works by your proxy (Nginx, Apache, IIS) setting a HTTP header (by default X-WEBAUTH-USER) on the request. Grafana will trust what ever username is contained in this header and automatically log the user in.

This will however create a security hole, as your internal users will be logging in via the proxy and your external users will be going directly to Grafana. Those external users could fake the header and get logged in automatically. To prevent this, you need to set the auth.proxy whitelist config option and white list the ip address for your proxy and thus preventing anyone else from pretending that they are the proxy.

Hi @daniellee,
thanks for exaustive explanation. So in case I don’t want Autentetication internally, I have just to setup reverse proxy to pass the correct header without asking for auth?


Yes, although you have to enable auth.proxy in the Grafana config as well.

You still need to get the username from somewhere. Or are all internal users going to use the same login?

in true is for in my home use. I need to show graph on to my Tabled used for Home Automation.
So all internal device will use same user


Hi @daniellee,
I configured apache and grafana into article you linked.
I created a user in grafana with same username used in proxy auth.
In IE i got this:

in Chrome this:

Can you help me?