Hi,
Once we enable apache auth proxy, I am not able to do regular login with grafana directly from browser(Ex. by directly using http://GrafanaServerIP:3000).
Is there any way or grafana ini configuration that will keep me enable login through auth proxy as well as regular non auth proxy way?
Thanks,
I played about with this in Nginx and the way I came up with was to add a subdomain that didn’t include any of the auth proxy. This should be a MWE.
nginx.conf
http {
server {
listen 80;
server_name admin.example.com;
location /grafana/ {
proxy_pass http://grafana.staged-by-discourse.com/;
}
}
server {
listen 80;
server_name www.example.com;
location /grafana/ {
proxy_pass http://grafana.staged-by-discourse.com;
proxy_set_header X-WEBAUTH-USER test-user;
}
}
}
Grafana.ini
[server]
root_url = http://grafana.staged-by-discourse.com/grafana/
[auth.proxy]
enabled = true
auto_sign_up = false
Which means if I go to www.example.com/grafana/ I’m automatically logged in as my test user, whereas if I use admin.example.com/grafana then I’m shown the login screen.
1 Like
Thanks for kind response, I will test it out and let you know if any concern.
@matthewwilliamsonsd
Just a question, in root_url it should be public facing URL, why we need to have grafana URL there?
Yeah, I think it’s because of the nginx config actually accessing it at localhost which makes it work. So effectively, any request is actually coming in on http://grafana.staged-by-discourse.com. Someone with better knowledge may be able help!
1 Like