Hi i’m tying to configurate a nginx reverse-proxy funcionality to get an JWT created in my website during the log in. the JWT is send as a Bearer in the autorization header, but it doesn’t work, my response all the time is 502 bas Gateway. I 'll show you my nginx.conf and my grafana.ini. I’m using the jwt module of the following github repository: Jason web token nginx module - github repository
Grafana and nginx are in docker containers and connected to the same network. I need your help please
NGINX.CONF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
load_module /usr/lib64/nginx/modules/ngx_http_auth_jwt_module.so;
events {
worker_connections 1024;
}
http {
upstream grafana {
server community.grafana.com;
}
server{
listen 8083;
location / {
auth_jwt_use_keyfile on;
auth_jwt_keyfile_path "/etc/nginx/public.pem";
auth_jwt_enabled on;
auth_jwt_algorithm RS256;
auth_jwt_location HEADER=Authorization;
auth_jwt_extract_request_claims username;
proxy_pass / http://grafana;
proxy_http_version 1.1;
proxy_hide_header Upgrade;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Host $host;
proxy_set_header Proxy-Connection "Keep-Alive";
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
# required to be able to read Authorization header in frontend
add_header 'Access-Control-Expose-Headers' 'Authorization' always;
if ($request_method = 'OPTIONS') {
# Tell client that this pre-flight info is valid for 20 days
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
}
GRAFANA.INI
[paths]
provisioning = /etc/grafana/provisioning
[server]
enable_gzip = true
# To add HTTPS support:
protocol = http
http_port = 8083
domain = localhost
root_url = %(protocol)s://%(domain)s:%(http_port)s/
router_logging=true;
#router_logging = false
static_root_path = public
#cert_file = /etc/certs/cert.pem
#cert_key = /etc/certs/cert-key.pem
[security]
# If you want to embed grafana into an iframe for example
allow_embedding = true
[users]
allow_sign_up = false
disable_login_form = true
[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
signing_key = password
key_file = /etc/certs/public.pem
signing_method=jwt
whitelist= localhost:8083 localhost:8080
auto_sign_up = true
username_claim = sub
enable_login_token=true
auto_login = true
url_login = true
Docker ports where the containers are:
Nginx log:
Response error google chrome:
THANK YOU!!
~ the grafana team