Hi,
We are trying to embed a grafana dashboard in a web application in a secure way, but it should not ask for login.
We tried quite a few things, but are yet to figure out the correct approach based on user- or token-based authentication. We are looking more into it.
Meanwhile, one approach we found on discussion forums is to use nginx as a reverse proxy and restrict the access to grafana based on the URL which originates the request. In our case we will whitelist only the web application’s domain. So only our web application’s domain will be allowed access to grafana. For this we will have to disable access to the outside world to the port which grafana runs on (port 3000 in our case). Grafana can be accessed only via the nginx reverse proxy.
Is this a good/valid solution? Any issues with this approach?
Actually, got it working using Google Auth (my organization/company uses Gmail/Google) and by setting disable_login_form = true and oauth_auto_login = true in the config file.
@yjadhav thanks for sharing. Could you elaborate a bit?
I’m trying to achieve the same; embed grafana dashboards in a webapp where the user is authenticated with google oauth. Grafana too is authenticated with google oauth, but grafana and the web app are on different domains.
However, when I configure grafana with the hints you give above (disable_login_form = true and oauth_auto_login = true) and I add the grafana iframe in the webapp, the browser keeps giving errors like the following, and the grafana chart doesn’t load:
"Refused to display 'https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=xxx&redirect_uri=https%3A%2F%xxx%2Flogin%2Fgoogle&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=xxx' in a frame because it set 'X-Frame-Options' to 'DENY'."
Curious what the difference in setups is. I’d really like to avoid having to go the path of putting grafana behind additional proxies.
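
The two settings quoted in this thread, shown where they sit in grafana.ini. This is an added example and not any poster's configuration: the [auth.google] values are placeholders, and the [security] entries are assumptions about what a cross-domain iframe embed additionally involves.

```ini
# Added example; values in <angle brackets> are placeholders,
# not taken from the thread.

[auth]
# Quoted in the thread: hide the username/password login form.
disable_login_form = true
# Quoted in the thread: send unauthenticated users straight to the
# configured OAuth provider instead of showing the login page.
oauth_auto_login = true

[auth.google]
enabled = true
client_id = <google-oauth-client-id>
client_secret = <google-oauth-client-secret>
# Assumption: only accounts from the organization's Google domain may sign in.
allowed_domains = <example.com>

[security]
# Assumption: by default Grafana sends X-Frame-Options: deny on its own pages.
# This switch drops that header for every origin, not only the web app,
# so it also removes Grafana's built-in clickjacking protection.
allow_embedding = true
# Assumption: the web app and grafana are on different domains (as in the
# last post), so the session cookie is only sent inside the iframe when it
# is SameSite=None, which browsers accept only together with Secure (HTTPS).
cookie_samesite = none
cookie_secure = true

# The X-Frame-Options: DENY in the error quoted above is set by
# accounts.google.com on its own sign-in page; nothing in grafana.ini
# changes headers sent by Google.
```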