I am trying to implement Grafana Auth Proxy as documented at
- Django auth -> valid session on Grafana behind NGINX
Based on how it works, it seems
X-WEBAUTH-USER is set in plain text. So any one who can spoof it, can get logged in.
Grafana does have a IP Whitelist, BUT I dont think its practice to maintain IP Addresses of Docker Containers (Django and Grafana are running in separate docker containers).
- Is there a better implementation to achieve some thing more secured?
- Can whitelist have a easier value?