I’ve just installed Grafana OSS v12.3.0 on Debian 13 using Grafan’s own APT repository. It seems to be working okay but in the Apache reverse proxy’s logs there is a regular stream of:
192.168.218.242 - - [30/Nov/2025:17:41:54 +0000] "GET /grafana/api/live/ws HTTP/1.1" 400 12
I have followed the documentation for an Apache reverse proxy, so my Apache config looks like:
<VirtualHost *:443>
# …
ProxyPreserveHost On
ProxyPass /grafana http://127.0.0.1:3000
ProxyPassReverse /grafana http://127.0.0.1:3000
ProxyPass / http://127.0.0.1:3000/grafana
ProxyPassReverse / http://127.0.0.1:3000/grafana
</VirtualHost>
This needs to be in the sub-url /grafana so I’ve followed that part of the instructions. I don’t understand why it needs the second set of ProxyPass and ProxyPassReverse but anyway, that’s what the documentation says so I did it.
In /etc/grafana/grafana.ini there’s:
[server]
http_addr = 127.0.0.1
root_url = https://foo.example.com/grafana/
enable_gzip = true
[security]
admin_email = webmaster@example.com
cookie_secure = true
[users]
allow_sign_up = false
allow_org_create = false
Everything else is left commented out at defaults.
So, first of all, is this Apache reverse proxy config correct? I note that for the nginx example on the same page it does something special for the live API websocket:
server {
# …
# Proxy Grafana Live WebSocket connections.
location /api/live/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_pass http://grafana;
}
}
but there is nothing about this in the Apache example on the page. Is it missing or is nothing needed for Apache?
I’ve searched around for other examples of using an Apache reverse proxy for Grafana and none that I can find do anything special for /api/live/ws either. I do find many people saying they are having problems with it similar to me, but no definitive answers.
Next, I don’t really know what Grafana Live even is and don’t really intend to use Grafana for anything except queries to Prometheus REST API, so I don’t think I would mind if this functionality was disabled anyway.
I see in the documentation that setting max_connections to 0 should disable Grafana Live, and after doing that I do no longer see requests to /api/live/ws from my logged-in browser. Is there anything I will miss by doing this, assuming I do only want to query Prometheus’s REST API?
I see in the sample grafana.ini that there is this (commented out):
# allowed_origins is a comma-separated list of origins that can establish connection with Grafana Live.
# If not set then origin will be matched over root_url. Supports wildcard symbol "*".
;allowed_origins =
Should that be set to something?
Thanks!