NGINX "Bad Gateway" after activating SMTP in grafana.ini

Hi,

I have a Grafana server (8.5.3) running behind NGINX. Everything was working normally for a long time. Yesterday I wanted to start using Grafana alerts. To do so I did set up a contact point (email), but the test notification failed saying that SMTP is not configured in grafana.in.
So I did that (see section from grafana.ini below) but after I restarted Grafana my Grafana instance could not be reached anymore. I got a “502 Bad Gateway” generated by NGINX. My NGINX configis shown below as well. If I commen the SMTP setting in grafana.ini and restart Grafana, everything is working again.
I’m confused, NGINX should only affect the incoming traffic. SMTP should be outgoing traffic and that’s why I dont understand why enabling SMTP has that effect.
Any idea how I could get SMTP in Grafana working?


Below I replaced my home outside IP address with MY_HOME_OUTSIDE_IP_ADDR and my server domain name (server which runs Grafana) with MY_SERVER.

NGINX error.log

2022/06/21 12:43:08 [error] 3625317#3625317: *1887 connect() failed (111: Connection refused) while connecting to upstream, client: MY_HOME_OUTSIDE_IP_ADDR, server: grafana.MY_SERVER.com, request: "GET /d/1v-6FQSMz/magnetometer-mfg-1s-at-tpso?orgId=3 HTTP/1.1", upstream: "http://127.0.0.1:3000/d/1v-6FQSMz/magnetometer-mfg-1s-at-tpso?orgId=3", host: "grafana.MY_SERVER.com"
2022/06/21 12:43:08 [error] 3625317#3625317: *1887 connect() failed (111: Connection refused) while connecting to upstream, client: MY_HOME_OUTSIDE_IP_ADDR, server: grafana.MY_SERVER.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:3000/favicon.ico", host: "grafana.midiwidi.com", referrer: "https://grafana.MY_SERVER.com/d/1v-6FQSMz/magnetometer-mfg-1s-at-tpso?orgId=3"

NGINX config

server {
    server_name grafana.MY_SERVER.com;
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://grafana.staged-by-discourse.com/;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/MY_SERVER.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/MY_SERVER.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = grafana.MY_SERVER.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name grafana.MY_SERVER.com;
    return 404; # managed by Certbot
}

grafana.in (SMTP section)

#################################### SMTP / Emailing ##########################
[smtp]
enabled = true
host = smtp-mail.outlook.com:587
user = email-address@hotmail.com
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = 12MyPasSwOrD34
;cert_file =
;key_file =
skip_verify = true
from_address = Magnetometer@TPSO
from_name = Grafana
# EHLO identity in SMTP dialog (defaults to instance_name)
;ehlo_identity = dashboard.example.com
# SMTP startTLS policy (defaults to 'OpportunisticStartTLS')
startTLS_policy = MandatoryStartTLS

I figured out what the problem was. Grafana didn’l like the setting

from_address = Magnetometer@TPSO

I changed it to

from_address = myactualemailaddress@hotmail.com

and then it worked.

Hi,

I tried to send email alerts in grafana with : smtp-mail.outlook.com:587
Always have the same error : Authentification unsuccessfull (credentials are OK)

if you have any solutions/suggestions…

config grafana.ini
enabled = true
host = smtp-mail.outlook.com:587
user = xxx@hotmail.com

If the password contains # or ; you have to wrap it with triple quotes. Ex “”“#password;”“”

password = mypassword
;cert_file =
;key_file =
skip_verify = true
from_address = xxx@hotmail.com
from_name = Grafana

EHLO identity in SMTP dialog (defaults to instance_name)

;ehlo_identity = dashboard.example.com

SMTP startTLS policy (defaults to ‘OpportunisticStartTLS’)

startTLS_policy = MandatoryStartTLS

Thx