I’m using Grafana with InfluxDB and have built a couple of dashboards for private use. I must say I love the ease of use and flexibility that Grafana offers. I currently have Grafana behind a firewall and access it through an SSH tunnel (port forwarding).
For my latest Grafana project I have built visualizations/dashboards for trading-related data. I really like the insights they provide and I would like to share them with the world. So I would like to offer public anonymous access to several of these dashboards. However, I need to do it in a safe way. Initially I thought that generating snapshots would be the best and safest option, because I could just generate the snapshots and then serve them from another web server. However, this will not work well for two reasons: Firstly, I need to update these snapshots frequently (several times per minute). This will take up too many CPU resources and it will also increase bandwidth. Secondly, my users will lose the ability to interact with the charts, and I think that is important in this case.
So the best option would be to allow public access to the dashboards. Anonymous access would be a big bonus. So I have been reading about the Authproxy. The ability to auto sign-up users and assign them a role with limited permissions sounds really promising. I have Apache installed and could use that as a reverse proxy, as suggested in the article. I don’t understand all the technical aspects of the proxy approach, but I hope I can get it working. One big question remains: Is it safe to give public access this way, or will it, for example, be easy for an attacker to delete InfluxDB data or gain access to the server? It is not that the information in Grafana or InfluxDB is sensitive in any way, but security on the server is quite important to me and I don’t want to provide an attacker with an easy way in.