Open C-Duv opened 6 years ago
Are you running the latest version of the Vonage plugin?
Don't think this has anything to do with the Worldmap panel but it is hard to see from the error message. Do you get the same error on a dashboard that just contains the Worldmap panel?
Same version of pluging and same issues. I use grafna behind nginx reverse proxy with basic auth
@daniellee
Do you get the same error on a dashboard that just contains the Worldmap panel?
Only error when the dashboard contains Worldmap
It's very clear that the header auth is not passed to the request, dont know why
I am not using Vonage plugin.
@Patafix can you describe the error more? I think you might mean a different error than @C-Duv Are you referring to when using a json endpoint in the Worldmap settings?
@C-Duv Just tested with an nginxy proxy and ldap/auth proxy and the plugin loads fine. Can you provide more details, please.
I have the exact same message in the first post. This morning i enable http basic auth and the error begin to show up. Everything working fine wihout basic auth. When you look to the request to load asset there is missing auth header so nginx throw 401
Its seem Vonage pluging fix the same issue with this PR https://github.com/Vonage/Grafana_Status_panel/pull/82
@Patafix I don't think that is the same issue. The problem with the Vonage panel was that it was importing code from the Graph panel which is not exported by Grafana anymore. This part of the issue might be relevant: https://github.com/grafana/grafana/issues/9509#issuecomment-341512097 Have you tried that workaround (excluding public/plugins)?
I still don't know how to reproduce your error unless you provide more details. Can you write down some simple steps that I can do to reproduce this error.
@daniellee I use grafana deploy with kubernetes so i use the docker image, just 3 settings differents :
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
- name: GF_AUTH_PROXY_ENABLED
value: "TRUE"
- name: GF_AUTH_PROXY_ENABLED
value: "TRUE"
For nginx same probleme, i dont use nginx directly but ingress-nginx-reverse proxy, so i have no conf to provide you.
I'm not using ldap.
I exclude /grafana/public from Basic Auth and it's work but not optimal...
Here are my configuration files (no Docker involved):
grafana.ini
:
[server]
http_addr = 127.0.0.1
domain = server.example.com
root_url = %(protocol)s://%(domain)s:/grafana
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = true
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
ldap.toml
:
[[servers]]
host = "ldap.example.com"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=grafana,ou=System,dc=example,dc=com"
search_filter = "(uid=%s)"
search_base_dns = ["dc=example,dc=com"]
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=Groupes,dc=example,dc=com"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "uid"
member_of = "cn"
email = "mail"
Nginx:
upstream grafana {
server 127.0.0.1:3000;
}
server {
server_name server.example.com;
# Proxy to Grafana
location /grafana/ {
auth_pam "Restricted";
auth_pam_service_name "nginx"; # See file in /etc/pam.d/
proxy_set_header X-WEBAUTH-USER $remote_user;
proxy_pass http://grafana/;
}
location = /grafana {
return 302 /grafana/;
}
# /Proxy to Grafana
}
(I am using PAM based auth, but it should behave the same way using .htpasswd file)
I did a quick test with nginx and basic auth and it worked fine:
events { worker_connections 1024; }
http {
sendfile on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
server {
listen 10080;
location / {
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /grafana/ {
proxy_pass http://localhost:3000/;
}
}
}
I also tested with an auth proxy header:
Grafana.ini:
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
Nginx (with auth proxy header):
events { worker_connections 1024; }
http {
sendfile on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
server {
listen 10080;
location /grafana/ {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/htpasswd;
proxy_set_header X-WEBAUTH-USER $remote_user;
proxy_pass http://localhost:3000/;
}
}
}
What am I missing?
Got that error too. Using docker image of latest grafana
Noted that it works when I access IP directly. And does not when through NGINX proxy.
FYI, this fixed it for me
#################################### Basic Auth ##########################
[auth.basic]
;enabled = true
enabled = false
Using the version 0.1.1 of the plugin I get the following error on my Grafana v5.2.1 instance:
After some researches it seems the issue is near the auth setup (cf. #111, Vonage/Grafana_Status_panel#114 and grafana/grafana#9509). I am using HTTP auth proxy (
auth.proxy.enabled = true
) to restrict access + auth LDAP (auth.ldap.enabled = true
) to fetch user informations.Is there plan to fix this or is it out of hands of worldmap-panel plugin?
Note: The breadcrumb plugin also have the same issue, but other panels works great.