Maybe simple question, but I’m lost.
I’ve got a domain (Domain.X) that Grafana is installed on (DigitalOcean Droplet). I’m trying to allow our main domain users to sign up and log in using their G Suite account, which is on another domain (Domain.Y). I’ve got everything just about working: the button shows up, and you can click on it and choose your account, but when it tries to redirect back to Domain.X it times out and gives ‘ERR_CONNECTION_TIMED_OUT’.
I’ve got the following ufw rules:
    To                         Action      From
    --                         ------      ----
    2222/tcp                   ALLOW       Anywhere
    Nginx Full                 ALLOW       Anywhere
    OpenSSH                    ALLOW       Anywhere
    8080/tcp                   ALLOW       Anywhere
    3000/tcp                   ALLOW       Anywhere
    2222/tcp (v6)              ALLOW       Anywhere (v6)
    Nginx Full (v6)            ALLOW       Anywhere (v6)
    OpenSSH (v6)               ALLOW       Anywhere (v6)
    8080/tcp (v6)              ALLOW       Anywhere (v6)
    3000/tcp (v6)              ALLOW       Anywhere (v6)
The Grafana Server is active (running) without any errors.
This is how I’ve got my grafana.ini:
    [server]
    # Protocol (http, https, socket)
    ;protocol = https

    # The ip address to bind to, empty will bind to all interfaces
    ;http_addr =

    # The http port to use
    ;http_port = 3000

    # The public facing domain name used to access grafana from a browser
    ;domain = localhost

    # Redirect to correct domain if host header does not match domain
    # Prevents DNS rebinding attacks
    ;enforce_domain = false

    # The full public facing url you use in browser, used for redirects and emails
    # If you use reverse proxy and sub path specify full url (with sub path)
    root_url = https://www.Domain.X:3000

    # Log web requests
    ;router_logging = false

    # the path relative working path
    ;static_root_path = public

    [auth.google]
    enabled = true
    allow_sign_up = true
    client_id = CLIENT_ID
    client_secret = CLIENT_SECRET
    scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
    auth_url = https://accounts.google.com/o/oauth2/auth
    token_url = https://accounts.google.com/o/oauth2/token
    api_url = https://www.googleapis.com/oauth2/v1/userinfo
    ;allowed_domains = Domain.X www.Domain.X
I’ve also got the OAuth setup as follows:
The OAuth consent screen is set up as follows:

    Application type: Internal
    Authorized Domains: Domain.X, Domain.Y
    Application Homepage link: https://www.Domain.X/login
I’ve even added both the G Suite domain and the Grafana domain to the Domain verification within OAuth. I can log into it with the admin account. I just can’t log into it with any G Suite account. Is there something I’m missing?