I have a problem setting up Grafana behind a reverse proxy. The configuration below does not work. What's odd is that I managed to get the login page and log in successfully a few times after a few nginx reloads. But right after login, the redirection to https://www.mydomain.io/grafana fails and I get that screen with an orange warning.

My configs

nginx.conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.mydomain.io;

    # SSL
    ssl_certificate /ssl/cert/...;
    ssl_certificate_key /ssl/cert/...;
    ssl_trusted_certificate /ssl/cert/...;

    location /grafana/ {
        proxy_pass http://grafana:3001/;
    }
}

docker-compose.yml

version: "3"
services:
    grafana:
        container_name: grafana
        image: grafana/grafana:latest
        volumes:
          - ./grafana/provisioning/:/etc/grafana/provisioning/
          - grafana_vol:/var/lib/grafana
        environment:
          - "GF_SECURITY_ADMIN_PASSWORD=pwd"
          - GF_USERS_ALLOW_SIGN_UP=false
          - GF_INSTALL_PLUGINS=grafana-piechart-panel
          - GF_SERVER_HTTP_PORT=3001
          - GF_SERVER_PROTOCOL=http
          - GF_SERVER_DOMAIN=www.mydomain.io
          - GF_SERVER_ROOT_URL=https://www.mydomain.io/grafana/
          - GF_SERVER_SERVE_FROM_SUB_PATH=true
        expose:
          - 3001
        networks:
          - my_network

volumes:
   grafana_vol:

networks:
   my_network:
pjoter

1 Answer

OK, so I found the solution. Besides the given config, I was importing another one where I set strict Content-Security-Policy headers.

You need to allow: script-src: 'unsafe-eval' 'unsafe-inline'; You can do it for only one location even if you have already added one somewhere else (headers may be duplicated as long as they can be correctly concatenated, see: Are Duplicate HTTP Response Headers acceptable?).

The updated config contains:

location /grafana/ {
 add_header Content-Security-Policy "script-src: 'unsafe-eval' 'unsafe-inline';";
 proxy_pass http://grafana:3001/;
}

See: https://github.com/grafana/grafana/issues/6820 and https://github.com/grafana/grafana/issues/16655

pjoter
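
Added example, not part of the answer above and not Grafana or nginx code: a small Python check that parses Content-Security-Policy header values the way the CSP specification describes (a directive name is the first whitespace-separated token and carries no colon, unrecognised names are not enforced, and when several policies are delivered every one of them must allow the action). The function names, the strict server-wide policy and the spec-syntax variant are assumptions constructed for the demonstration.

```python
# Simplified CSP check: ignores nonces, hashes and 'strict-dynamic'.
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src",
    "font-src", "frame-src", "object-src", "base-uri", "form-action",
    "frame-ancestors", "worker-src", "report-uri", "report-to",
}

# Constructed sample header values.
ANSWER_VALUE = "script-src: 'unsafe-eval' 'unsafe-inline';"      # as written in the answer
VALID_VALUE = "script-src 'self' 'unsafe-eval' 'unsafe-inline'"  # assumed spec-syntax variant
STRICT_VALUE = "default-src 'self'"                              # assumed server-wide policy


def parse_csp(value):
    """Return ({directive: [sources]}, [ignored directive tokens]) for one header value."""
    policy, ignored = {}, []
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing ';'
        name = tokens[0].lower()
        if name not in KNOWN_DIRECTIVES or name in policy:
            ignored.append(tokens[0])  # unknown name or duplicate: not enforced
            continue
        policy[name] = tokens[1:]
    return policy, ignored


def script_allows(policy, keyword):
    """True if this single policy permits `keyword` (e.g. "'unsafe-eval'") for scripts."""
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no script-src and no default-src: scripts are unrestricted
    return keyword in sources


def effective_allows(header_values, keyword):
    """Every delivered policy is enforced, so all of them must allow the keyword."""
    return all(script_allows(parse_csp(v)[0], keyword) for v in header_values)


if __name__ == "__main__":
    print(parse_csp(ANSWER_VALUE))
    print(effective_allows([STRICT_VALUE, VALID_VALUE], "'unsafe-eval'"))
    print(effective_allows([VALID_VALUE], "'unsafe-eval'"))
```

In nginx, `add_header` directives from an outer level are inherited only when the current level defines none of its own, so confirm which Content-Security-Policy headers the `/grafana/` location actually sends (for example with `curl -I`) before reasoning about the combined policy.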