How to keep Auth proxy and regular login enabled?

Hi,

Once we enable apache auth proxy, I am not able to do regular login with grafana directly from browser(Ex. by directly using http://GrafanaServerIP:3000).
Is there any way or grafana ini configuration that will keep me enable login through auth proxy as well as regular non auth proxy way?

Thanks,

I played about with this in Nginx and the way I came up with was to add a subdomain that didn’t include any of the auth proxy. This should be a MWE.

nginx.conf

http {
    server {
	    listen 80;
	    server_name admin.example.com;

	    location /grafana/ {
		    proxy_pass http://grafana.staged-by-discourse.com/;
	    }
    }

    server {
	    listen 80;
	    server_name www.example.com;

	    location /grafana/ {
		    proxy_pass http://grafana.staged-by-discourse.com;
	  	    proxy_set_header X-WEBAUTH-USER test-user;
	    }
    }
}

Grafana.ini

[server]
root_url = http://grafana.staged-by-discourse.com/grafana/

[auth.proxy]
enabled = true
auto_sign_up = false

Which means if I go to www.example.com/grafana/ I’m automatically logged in as my test user, whereas if I use admin.example.com/grafana then I’m shown the login screen.

1 Like

Thanks for kind response, I will test it out and let you know if any concern.

@matthewwilliamsonsd

Just a question, in root_url it should be public facing URL, why we need to have grafana URL there?

Yeah, I think it’s because of the nginx config actually accessing it at localhost which makes it work. So effectively, any request is actually coming in on http://grafana.staged-by-discourse.com. Someone with better knowledge may be able help!

1 Like