nginx 反向niginx代理背后的grafana验证

hkmswyz6 于 2023-08-03 发布在 Nginx

关注(0)|答案(3)|浏览(157)

我正在运行一个带有Django后端的React应用程序。用户可以通过django登录到我的应用程序，然后被重定向到我的react应用程序。现在我想展示一个grafana面板。我已经设置了一个带有反向代理（用于https）的自托管grafana示例。当我使用grafanas anonymous_authentication时，我可以毫无问题地嵌入面板（iframe）。但这不是我的选择。对我来说也不是一个选项，是在app/iframe中的登录页面。我阅读了很多关于通过反向代理管理身份验证的文章。但由于我是一个nginx noob，我真的不知道我如何实现这一点。
有人能给我指路吗？我想我得通过代理登录到grafana
我的nginx设置到目前为止：

server {
    server_name  myserver.co;

    location / {
        proxy_set_header Host $http_host;
        proxy_pass           http://localhost:3000/;
    }
    ##here is also some cert stuff
}
server {
    if ($host = myserver.co) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name  myserver.co;
    return 404; 
}

字符串

nginx

来源：https://stackoverflow.com/questions/76424602/authentication-for-grafana-behind-a-reverse-niginx-proxy

3条答案

按热度按时间

1mrurvl11#

你有没有试过使用auth_request从Nginx？它将允许您在允许/拒绝访问Grafana之前进行验证。

server {
    server_name myserver.co;

    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://localhost:3000/;
    }

    location /grafana/ {
        auth_request /auth;
        proxy_set_header Host $http_host;
        proxy_pass http://localhost:3001/;
    }

    location = /auth {
        internal;
        proxy_pass http://localhost:8000/auth/;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

}

server {
    if ($host = myserver.co) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name myserver.co;
    return 404;
}

字符串

赞(0）回复(0）举报 2023-08-03

iyr7buue2#

我也有grafana在nginx后面，我不得不在我的grafana.example.com服务器部分添加所有这些特定的位置块：

location / {
            if ($http_origin ~* (https?://[^/]*\.example\.com(:[0-9]+)?)) {  #Test if request is from allowed domain, you can use multiple if
                set $cors "true";                                               #statements to allow multiple domains, simply setting $cors to true in each one.
            }

            if ($cors = 'true') {
                add_header  Access-Control-Allow-Origin $http_origin;           #this mirrors back whatever domain the request came from as authorized, as
                add_header  "Access-Control-Allow-Credentials" "true";          #as long as it matches one of your if statements
                add_header  "Access-Control-Allow-Methods" "GET, OPTIONS";
                add_header  "Access-Control-Allow-Headers" "Authorization, origin, accept";
            }
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                #
                # Custom headers and headers various browsers *should* be OK with but arent
                #
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Type' 'text/plain; charset=utf-8';
                add_header 'Content-Length' 0;
                return 204;
            }
            if ($request_method = 'POST') {
                add_header 'Access-Control-Allow-Origin' '*' always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
            }
            if ($request_method = 'GET') {
                add_header 'Access-Control-Allow-Origin' '*' always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
            }

            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:3000;
        }

        location /api/live/ws {
            proxy_pass http://127.0.0.1:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }

字符串

赞(0）回复(0）举报 2023-08-03

dtcbnfnu3#

grafana在nginx后面，我不得不在我的grafana.example.com服务器部分添加所有这些特定的位置块：--http://festyy.com/egHayi

赞(0）回复(0）举报 2023-08-03