I tried to configure reverse proxy to enable auto login using the domain (IP) using this - http://docs.grafana.org/installation/behind_proxy/#running-grafana-behind-a-reverse-proxy. I am not able to view without login.
httpd.conf
<VirtualHost *:80>
ServerAdmin webmaster#authproxy
ServerName authproxy
ErrorLog "logs/authproxy-error_log"
CustomLog “logs/authproxy-access_log” common
<Proxy *>
AuthType Basic
AuthName GrafanaAuthProxy
AuthBasicProvider file
AuthUserFile /etc/apache2/grafana_htpasswd
Require valid-user
RewriteEngine On
RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER},NS]
RequestHeader set X-WEBAUTH-USER "%{PROXY_USER}e"
</Proxy>
RequestHeader unset Authorization
ProxyRequests Off
ProxyPass / http://IP:3000/
ProxyPassReverse / http://IP:3000/
content of /etc/apache2/grafana_htpasswd grafanaid:grafanapwd
grafana.ini
;domain = http://IP
;root_url = http://IP:3000/
#################################### Auth Proxy ##########################
[auth.proxy]
;enabled = true
;header_name = X-WEBAUTH-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
Related
I have a small envirnment where I have 3 services on one server and I want to put all three behind a reverse proxy.
Prometheus server running on port 9090
Prometheus Alert manager running on port 9093
Grafana running on port 3000
My current configuration is below
<VirtualHost *:80>
ServerName metrics.example.com
Redirect permanent / https://metrics.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName metrics.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/apache2/ssl.crt/example.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/example.key
ErrorLog /var/log/apache2/metrics.example.com-error_log
CustomLog /var/log/apache2/metrics.example.com-access_log combined
<Location "/">
ProxyPreserveHost On
ProxyPass http://localhost:9090/
ProxyPassReverse http://localhost:9090/
</Location>
<Location "/alertmanager/">
ProxyPreserveHost On
ProxyPass http://localhost:9093/
ProxyPassReverse http://localhost:9093/
</Location>
<Location "/grafana/">
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
# <Proxy *>
# AuthType Basic
# AuthName "Restricted Content"
# AuthUserFile /etc/apache2/.htpasswd
# Require valid-user
# </Proxy>
</VirtualHost>
For now everything works, but Prometheus and Alertmanager don't have own auth, Grafana does. If I uncomment section Grafana stops working. The goal is to protect both Prometheus and Alertmanager with basic auth but not the Grafana instance.
Is it possible (and how) to protect root ("/") directory and /alertmanager subdirectory but with omitting /grafana subdirectory in single vhost?
I want to configure an apache Auth proxy for access to QuestDB that does not have Authentication system. I try it to VM in a first time.
I made a very simple configuration:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
<Proxy *>
Order deny,allow
Allow from all
AuthType Basic
Authname "Password Required"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Proxy>
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
ProxyRequests Off
</VirtualHost>
I configured my QuestDB with a bind adress http://127.0.0.1:9000.
When I go to http://myipadress and give my Apache authentified user, I have :
Bad request
refresh
Content without CSS
refresh
Bad request
refresh
QuestDB opened
refresh
and looping like this forever.
Any idea ?
When I just set the ProxyPass / ProxyPassReverses lines, I got the same phenomenom.
I have enabled my Apache server mods : proxy_http, proxy, rewrite and cache and the default ones that are enabled.
The below config is working for me. I think the difference is I am not using a DocumentRoot.
<VirtualHost *:80>
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
AuthType Basic
Authname "Password Required"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Proxy>
ProxyRequests Off
ServerName 127.0.0.1:80
ServerAlias localhost
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
</VirtualHost>
i am trying to configure apache as a reverse proxy with basic auth. The problem is that URL credentials should not be proxied to the service (http://localhost:8000).
For example: if the user access http://user:password#my-host.com , the URL credentials should not be passed like http://user:password#localhost:8000, it should be just http://localhost:8000
The conf file:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ProxyRequests off
<Location />
AuthType Basic
AuthName "namex"
AuthUserFile /etc/apache2/.htpasswd
Require valid-use
ProxyPass http://localhost:8000/
Order allow,deny
Allow from all
RequestHeader set Authorization "Basic base64userpass"
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
How should i do that?
Thanks!
Trying to set up Nexus 3.3.2-02 and Jetty appears to ignore the HTTPS in the base URL config. Nexus hits the landing page but hangs at "Initializing" and fails to load static content.
I have added the base path capability to Nexus and have triple checked that it is using the correct URL. However if I load up the file static/rapture/bootstrap.js it is replacing HTTPS in the base URL with HTTP.
This is where I can see the switch occurring if I load the boostrap.js directly ...
https://[removed]/nexus3/static/rapture/bootstrap.js
Ext.Loader.setConfig({
enabled: false
});
Ext.app.addNamespaces('NX.coreui');
Ext.app.addNamespaces('NX.proui');
Ext.ns('NX');
NX.global = (function() {
if (window !== undefined) {
return window;
}
if (global !== undefined) {
return global;
}
Ext.Error.raise('Unable to determine global object');
}());
Ext.ns('NX.app');
NX.app.baseUrl = 'http://[removed]/nexus3';
NX.app.urlSuffix = '_v=3.3.2-02';
etc/nexus-default.properties:
# Jetty section
application-port=8091
application-host=0.0.0.0
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-
http.xml,${jetty.etc}/jetty-requestlog.xml
nexus-context-path=/nexus3
# Nexus section
nexus-edition=nexus-oss-edition
nexus-features=\
nexus-oss-feature
The proxying here works for existing Nexus v2 and seems to be working for Nexus v3 ...
apache2.conf
<VirtualHost *:443>
########################
# SSL config
########################
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/[removed]/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[removed]/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/[removed]/chain.pem
ServerName [removed]
########################
# Proxy config
########################
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
AllowEncodedSlashes On
<Proxy *>
Order deny,allow
Allow from all
# Use following line instead of the previous two on Apache >= 2.4
#Require all granted
</Proxy>
########################
# Nexus config
########################
<Location /nexus>
ProxyPass http://localhost:8090/nexus nocanon
ProxyPassReverse /nexus
</Location>
<Location /nexus/>
ProxyPass http://localhost:8090/nexus/ nocanon
ProxyPassReverse /nexus/
</Location>
<Location /nexus/*>
AuthType Basic
AuthName "Nexus"
Require valid-user
AuthBasicProvider file
AuthUserFile "/etc/apache2/gerrit-users"
Require valid-user
</Location>
########################
# Nexus3 config
########################
<Location /nexus3>
ProxyPass http://localhost:8091/nexus3 nocanon
ProxyPassReverse /nexus3
</Location>
<Location /nexus3/>
ProxyPass http://localhost:8091/nexus3/ nocanon
ProxyPassReverse /nexus3/
</Location>
<Location /nexus3/*>
AuthType Basic
AuthName "Nexus"
Require valid-user
AuthBasicProvider file
AuthUserFile "/etc/apache2/gerrit-users"
Require valid-user
</Location>
</VirtualHost>
You need to set the "X-Forwarded-Proto" header in Apache as described here:
http://books.sonatype.com/nexus-book/reference3/install.html#_example_reverse_proxy_ssl_termination_at_base_path
I have a problem with the apache reverse proxy configuration..
I have a service running on port 3000 and when i try to do the login even if it's succesfull it keeps me in the login page..i think it's a cookie session problem but i can't figure out a solution..
ServerAdmin webmaster#localhost
ServerName localhost
ProxyRequests Off
ProxyPreserveHost On
<proxy *>
Order Allow,Deny
Allow from all
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</proxy>
ProxyPass "/" "http://127.0.0.1:3000/"
ProxyPassReverse "/" "http://127.0.0.1:3000/"
ProxyPassReverseCookieDomain "http://127.0.0.1:3000/" "http:foo/"
This configuration finally works..
<VirtualHost *:*>
ServerAdmin webmaster#localhost
ServerName http://localhost
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order Allow,Deny
Allow from all
</Proxy>
ProxyErrorOverride On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
<Location />
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
RequestHeader unset Authorization
Order Allow,Deny
Allow from all
</Location>