Hi,
completely new to Grafana, but at least I got it installed and working nicely with my influxdb.
However, I completely struggle to connect to my dashboard or the login panel from outside through VPN (zerotier). And must admit that I’m an absolute noob when it comes to networking beyond the basics.
Grafana runs on a Pi, which connects via ethernet to my router. The Pi has Zerotier installed and I have access to all my other stuff on the machine via VPN. Locally I have full access to Grafana, also from other machines within the same network.
Looking into grafana.log I get this:
‘’’ t=2019-04-10T18:37:51+0200 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=xxx.xx.xx.xxx time_ms=1 size=29 referer= ‘’’
IP-address hidden by me. Nothing else to see in the log, which indicates an error or problem.
Since I do have absolutely no clue how to set Grafana in terms of correct network settings, I’m kindly requesting help.
Cheers
Stefanie
When you access grafana from another machine on the local network what do you put in the browser url?
When you try to access it via the VPN what are you putting in the URL and what do you see in the browser?
To answer your first question: local ip address of the machine where grafana is installed plus port number: 192.168.178:36:4000
Via VPN I use the public ip address (which is assigned to the Pi, which also has Zerotier installed) plus port number: xxx.xxx.xxx.xxx:4000
I use port 4000 (changed in grafana.ini because the default port was already used by another server.
After a while the browser says: request timed out.
That is not the normal method of accessing via a vpn, normally that would get you into the local network and you would use the same ip address. At least it is not way my VPN works. However perhaps yours is different.
When you said you have access to all the normal stuff via the vpn can you give an example of how you access it using that ip address?
Understood. But that’s the way Zerotier is working.
In the same way as described above: Pi’s public IP address and port number. For example: xxx.xxx.xxx.xxx:3000 gives me access to a SignalK Server running on the same machine as Grafana.
What do you see if you open the Developer Console in your browser and refresh the page?
I need to check that out. Currently trying through my mobile phone, but will test through the laptop.
Do you need to tell the VPN s/w to allow particular ports or something like that?
If grafana works on the local network but not via the VPN then it has to be something to do with the VPN I think.
No. Zerotier is using NAT Traversal (whatever that means). So does not make port forwarding or something like that.
Maybe I should try a different VPN?
Can’t tell about the developer console since I have no idea how this works. But in Safari on my MBP it says: Safari cannot open xxx.xxx.xxx.xxx:4000, because the server on that site doesn’t answer.
In the grafana ini file in the [server] section where you changed the port did you change anything else? http addr for example?
No. Here is the [server] section:
[server]
Protocol (http, https, socket)
;protocol = http
The ip address to bind to, empty will bind to all interfaces
;http_addr =
The http port to use
;http_port = 4000
The public facing domain name used to access grafana from a browser
;domain = localhost
Redirect to correct domain if host header does not match domain
Prevents DNS rebinding attacks
;enforce_domain = false
The full public facing url you use in browser, used for redirects and emails
If you use reverse proxy and sub path specify full url (with sub path)
;root_url = http://localhost:4000
Log web requests
;router_logging = false
the path relative working path
;static_root_path = public
enable gzip
;enable_gzip = false
https certs & key file
;cert_file =
;cert_key =
Unix socket path
;socket =
Well, that didn’t paste as I wanted. Sorry.
Are you running a firewall that might be blocking 4000 on the VPN address?
You could try enabling router_logging (its in the bit you posted). That suggests you might get more detail in the log though I have not tried it.
Otherwise I think you may need to learn how to use some network monitor s/w such as tcpdump to work it out (or find someone who knows how to do that).
No firewall installed. And if, it would have blocked the other ports to other servers on the same machine as well.
I tried enabling router_logging but couldn’t see any more info in the log file.
Interestingly the login somehow shows up, but doesn’t proceed any further.
Yes, will try a little more or even thinking of changing the VPN, if that cures the problem.
Thanks very much for your kind help!
You didn’t say that before. So what exactly happens when you connect, in detail?
I was speaking of the log file, where it shows up. Please see my initial post.
On the browser side nothing happens until I get the message that the server doesn’t respond. On the server side it logs a login:
t=2019-04-10T18:37:51+0200 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=xxx.xx.xx.xxx time_ms=1 size=29 referer=
The hidden ip address is the Zerotier IP for the machine where Grafana is installed.
It would be worth googling for how to open the developer console in you browser and seeing what is going on. That will show you whether the response to the first GET is getting back to the browser. I suspect it is not.
I see that Zerotier is not a true VPN, though whether that is a factor I don’t know. I run my own VPN on a Pi.
Yes, I think I will get familiar with the dev console first.
May I ask which VPN you are using? OpenVPN?
From the dev console: Failed to load resource: Zeitüberschreitung bei der Anforderung. (Request Timeout). That is what I get.
