Grafana behind Nginx configuration

  • What Grafana version and what operating system are you using?
    Grafana V9.0.3 OSS

  • What are you trying to achieve?
    I am trying to restrict grafana users to only access the grafana login page thru reverse proxy (NGINX). I have a grafana instance running on port 3000 behind the nginx reverse proxy on the same local machine.
    reverse proxy works well, however I can still access the grafana thru http://localhost:3000, what I want is no once can access this web page, I want all grafana user to access the grafana thru nginx reverse proxy.

  • How are you trying to achieve it?
    I haven’t yet seen any blogs or tutorials on how to restric the users.

  • What happened?
    I can still access the grafana thru http://localhost:3000

  • What did you expect to happen?
    Grafana instance can only be access thru my nginx reverse proxy.

  • Can you copy/paste the configuration(s) that you are having problems with?
    This is my config on nginx:

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    No errors

  • Did you follow any online instructions? If so, what is the URL?
    I haven’t seen any blog related to this.

I don’t think what you want is entirely possible using a proxy_pass. If you are proxying to local port 3000 then that port by definition must be open locally.

Are you running a server? Or is this a closed network? Access to localhost shouldn’t be a problem if you are running Grafana on a VM or cluster and access to the vm / cluster is locked down

also, these are the types of config issues that are entirely eliminated when one uses Grafan cloud. You should set up a free-forever account and see if it makes setup easier:

The new Grafana Cloud: the only composable observability stack for metrics, logs, and traces, now with free and paid plans to suit every use case | Grafana Labs.

My Nginx and Grafana instance is running on same machine.

Will it be possible to close the port 3000 for non localhost (any client computers connected to a network) accessing the grafana?

And just open port for nginx which is port 443.
From there, they cannot access my grafana using the http://ipaddressofmyGrafana:3000

I just dont know if possible.