Open C-Duv opened 6 years ago
daniellee
commented
6 years ago Are you running the latest version of the Vonage plugin?
Don't think this has anything to do with the Worldmap panel but it is hard to see from the error message. Do you get the same error on a dashboard that just contains the Worldmap panel?
Patafix
commented
6 years ago Same version of pluging and same issues. I use grafna behind nginx reverse proxy with basic auth
Patafix
commented
6 years ago @daniellee
Do you get the same error on a dashboard that just contains the Worldmap panel?
Only error when the dashboard contains Worldmap
It's very clear that the header auth is not passed to the request, dont know why
C-Duv
commented
6 years ago I am not using Vonage plugin.
daniellee
commented
6 years ago @Patafix can you describe the error more? I think you might mean a different error than @C-Duv Are you referring to when using a json endpoint in the Worldmap settings?
@C-Duv Just tested with an nginxy proxy and ldap/auth proxy and the plugin loads fine. Can you provide more details, please.
Patafix
commented
6 years ago I have the exact same message in the first post. This morning i enable http basic auth and the error begin to show up. Everything working fine wihout basic auth. When you look to the request to load asset there is missing auth header so nginx throw 401
Patafix
commented
6 years ago Its seem Vonage pluging fix the same issue with this PR https://github.com/Vonage/Grafana_Status_panel/pull/82
daniellee
commented
6 years ago @Patafix I don't think that is the same issue. The problem with the Vonage panel was that it was importing code from the Graph panel which is not exported by Grafana anymore. This part of the issue might be relevant: https://github.com/grafana/grafana/issues/9509#issuecomment-341512097 Have you tried that workaround (excluding public/plugins)?
I still don't know how to reproduce your error unless you provide more details. Can you write down some simple steps that I can do to reproduce this error.
Patafix
commented
6 years ago @daniellee I use grafana deploy with kubernetes so i use the docker image, just 3 settings differents :
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
- name: GF_AUTH_PROXY_ENABLED
value: "TRUE"
- name: GF_AUTH_PROXY_ENABLED
value: "TRUE"For nginx same probleme, i dont use nginx directly but ingress-nginx-reverse proxy, so i have no conf to provide you.
I'm not using ldap.
I exclude /grafana/public from Basic Auth and it's work but not optimal...
C-Duv
commented
6 years ago Here are my configuration files (no Docker involved):
grafana.ini:
[server]
http_addr = 127.0.0.1
domain = server.example.com
root_url = %(protocol)s://%(domain)s:/grafana
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username
auto_sign_up = true
ldap_sync_ttl = 60
whitelist = 127.0.0.1
[auth.basic]
enabled = true
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = trueldap.toml:
[[servers]]
host = "ldap.example.com"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=grafana,ou=System,dc=example,dc=com"
search_filter = "(uid=%s)"
search_base_dns = ["dc=example,dc=com"]
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=Groupes,dc=example,dc=com"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "uid"
member_of = "cn"
email = "mail"Nginx:
upstream grafana {
server 127.0.0.1:3000;
}
server {
server_name server.example.com;
# Proxy to Grafana
location /grafana/ {
auth_pam "Restricted";
auth_pam_service_name "nginx"; # See file in /etc/pam.d/
proxy_set_header X-WEBAUTH-USER $remote_user;
proxy_pass http://grafana/;
}
location = /grafana {
return 302 /grafana/;
}
# /Proxy to Grafana
}(I am using PAM based auth, but it should behave the same way using .htpasswd file)
daniellee
commented
6 years ago I did a quick test with nginx and basic auth and it worked fine:
events { worker_connections 1024; }
http {
sendfile on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
server {
listen 10080;
location / {
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /grafana/ {
proxy_pass http://localhost:3000/;
}
}
}I also tested with an auth proxy header:
Grafana.ini:
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = usernameNginx (with auth proxy header):
events { worker_connections 1024; }
http {
sendfile on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
server {
listen 10080;
location /grafana/ {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/htpasswd;
proxy_set_header X-WEBAUTH-USER $remote_user;
proxy_pass http://localhost:3000/;
}
}
}What am I missing?
vazir
commented
6 years ago Got that error too. Using docker image of latest grafana
vazir
commented
6 years ago Noted that it works when I access IP directly. And does not when through NGINX proxy.
kellerkindt
commented
2 years ago FYI, this fixed it for me
#################################### Basic Auth ##########################
[auth.basic]
;enabled = true
enabled = false
Using the version 0.1.1 of the plugin I get the following error on my Grafana v5.2.1 instance:
After some researches it seems the issue is near the auth setup (cf. #111, Vonage/Grafana_Status_panel#114 and grafana/grafana#9509). I am using HTTP auth proxy (
auth.proxy.enabled = true) to restrict access + auth LDAP (auth.ldap.enabled = true) to fetch user informations.Is there plan to fix this or is it out of hands of worldmap-panel plugin?
Note: The breadcrumb plugin also have the same issue, but other panels works great.