Can I sign a private plugin without knowing exact rootUrl

fyzjw123 · July 17, 2024, 6:29am

Hello,

I developed a plugin which I want to share with a few person. Since this plugin is used between a few users, I don’t plan to publish it to plugin category. So, I am trying to sign a private plugin, but I can’t assume what’s the exact root_url of the grafana instance where this plugin will be installed. I tried wildcards, such as “.com", ".**”, signing command succeeded, but grafana couldn’t load my plugin

What can I do to sign my plugin?

ebabeshko · July 17, 2024, 1:34pm

Maybe allowing this plugin to be loaded unsigned in grafana.ini would be suitable in your case?

[plugins]
allow_loading_unsigned_plugins = fyzjw123-private-plugin

fyzjw123 · July 18, 2024, 12:24am

Thanks @ebabeshko for your reply, this maybe not suitable, users are prefer to disable allow_loading_unsigned_plugins.

academo · July 19, 2024, 6:25am

Hi @fyzjw123

You can find all information about signing private plugins in our documentation Sign a plugin | Grafana Plugin Tools

To reply to your question, no, you must specify the rootUrl when you sign a private plugin. If you wish your plugin to work in all instances without specifying it you’ll have to go through the review process to publish your plugin in the Grafana catalog or allow grafana to load an unsigned plugin.

fyzjw123 · July 19, 2024, 9:16am

OK, got it. Thanks @academo

vaduga · August 27, 2024, 7:42am

i actually have the opposite problem when running Grafana using docker compose. I can sign my plugin only to be used with localhost:3000, otherwise grafana won’t register it upon load.
This way i can’t restrict my plugin to be used only on certain domains

academo · August 28, 2024, 6:28am

Share the command you are using to sign your plugin. It might be you are putting the wrong parameters.

vaduga · August 28, 2024, 1:45pm

npx @grafana/sign-plugin@latest --rootUrls https://mapgl.org

Grafana docker container logs:

logger=plugin.signature t=2024-08-28T13:32:36.75597604Z level=warn msg="Could not find root URL that matches running application URL" plugin=vaduga-mapgl-app appUrl=http://localhost:3000/ rootUrls=[https://mapgl.org/]
logger=plugin.loader t=2024-08-28T13:32:36.879017826Z level=warn msg="Skipping loading plugin due to problem with signature"

so,
npx @grafana/sign-plugin@latest --rootUrls http://localhost:3000
works, but then the plugin can be used on any domain. How do I make it restricted to certain domains, and still use docker compose?

academo · August 28, 2024, 5:36pm

@vaduga are you running grafana behind a reverse proxy? are you correctly setting the domain in the configuration file?

vaduga · August 29, 2024, 12:32am

thanks a lot! Specifying the same domain in dockerfile as in manifest file was enough to register the signed plugin
ENV GF_SERVER_DOMAIN "mapgl.org"

Topic		Replies	Views
How to sign plugins for root urls using globs Signing & publishing	1	82	August 2, 2024
Root_url not a valid rootUrl for signing a plugin Signing & publishing plugins	5	2309	May 6, 2022
Private plugin not picked by helm deployment Signing & publishing	1	935	September 8, 2023
Grafana Panel - Sign a Private Plugin Signing & publishing	13	3767	February 28, 2024
Grafana Datasource - Sign a Private Plugin Signing & publishing	6	1150	November 14, 2022

Can I sign a private plugin without knowing exact rootUrl

Related topics