Grafana behind nginx proxy

• What Grafana version and what operating system are you using?

Chrome: Version 119.0.6045.199 (Official Build) (arm64)

OS:
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

Linux grafana 6.1.0-15-arm64 #1 SMP Debian 6.1.66-1 (2023-12-09) aarch64 GNU/Linux

Grafana

• 10.2.0
• 10.2.2

nginx

• 1.25.3

• What are you trying to achieve?

Setup grafana behind nginx

• How are you trying to achieve it?

• What happened?
  The instructions just don’t work.

• What did you expect to happen?

• Can you copy/paste the configuration(s) that you are having problems with?

/etc/grafana/grafana.ini

[server]
http_addr = 127.0.0.1
http_port = 3000
domain = grafana.domain.com
root_url = https://grafana.domain.com/
enforce_domain = false
protocol = http

/etc/nginx/nginx.conf

user                 nginx;
pid                  /run/nginx.pid;
worker_processes     auto;
worker_rlimit_nofile 65535;

# Load modules
include              /etc/nginx/modules-enabled/*.conf;

events {
    multi_accept       on;
    worker_connections 65535;
}

http {
    charset                utf-8;
    sendfile               on;
    tcp_nopush             on;
    tcp_nodelay            on;
    server_tokens          off;
    log_not_found          off;
    types_hash_max_size    2048;
    types_hash_bucket_size 64;
    client_max_body_size   16M;

    # MIME
    include                mime.types;
    default_type           application/octet-stream;

    # Logging
    access_log             off;
    error_log              /dev/null;

    # Load configs
    include                /etc/nginx/conf.d/*.conf;
    include                /etc/nginx/sites-enabled/*;
}

/etc/nginx/sites-enabled/grafana.conf

upstream grafana {
  server localhost:3000;
}

server {
    listen                  443 ssl;
    listen                  [::]:443 ssl;
    server_name             grafana.domain.com;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/grafana.domain.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/grafana.domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/grafana.domain.com/chain.pem;

    # logging
    access_log              /var/log/nginx/grafana.access.log combined;
    error_log               /var/log/nginx/grafana.error.log warn;

    location / {
      proxy_set_header Host $http_host;
      proxy_pass http://grafana;
    }

    # Proxy Grafana Live WebSocket connections.
    location /api/live/ {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $http_host;
      proxy_pass http://grafana;
    }

}

# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name grafana.domain.com;

    location / {
        return 301 https://grafana.domain.com$request_uri;
    }
}

• Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

If you're seeing this Grafana has failed to load its application files


1. This could be caused by your reverse proxy settings.

2. If you host grafana under subpath make sure your grafana.ini root_url setting includes subpath. If not using a reverse proxy make sure to set serve_from_sub_path to true.

3. If you have a local dev build make sure you build frontend using: yarn start, or yarn build

4. Sometimes restarting grafana-server can help

5. Check if you are using a non-supported browser. For more information, refer to the list of supported browsers.

• Did you follow any online instructions? If so, what is the URL?
  Run Grafana behind a reverse proxy | Grafana Labs

Try this in the /etc/nginx/sites-enable/grafana.conf

   map \$http_upgrade \$connection_upgrade {
             default upgrade;
             '' close;
     }

     ##
     ## Config for grafana.domain.com
     ##
     server {
         listen 80;
         # *.domain.com
         server_name grafana.domain.com;

         #Redirect all nonssl request to ssl
         return 301 https://\$server_name\$request_uri;

         access_log /var/log/nginx/grafana-access.log;
         error_log  /var/log/nginx/grafana-error.log;
     }

     server {
         listen 443 ssl;
         server_name grafana.domain.com;

         access_log /var/log/nginx/grafana-access.log;
         error_log  /var/log/nginx/grafana-error.log;

     location / {
             proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto \$scheme;
             proxy_set_header X-Forwarded-Port \$server_port;
             proxy_set_header Host \$host;

             proxy_pass http://grafana:3000/;

             # WebSocket support (nginx 1.4)
             proxy_http_version 1.1;
             proxy_set_header Upgrade \$http_upgrade;
             proxy_set_header Connection \$connection_upgrade;
           }

         ssl_certificate /etc/ssl/domain.com/fullchain.crt;
         ssl_certificate_key /etc/ssl/domain.com/server.key;

         ssl_session_timeout  10m;
         ssl_session_tickets off;
         ssl_dhparam /etc/ssl/certs/dhparam.pem;

         ssl_protocols TLSv1.3 TLSv1.2;
         ssl_prefer_server_ciphers on;
         ssl_ecdh_curve secp521r1:secp384r1;
         ssl_ciphers EECDH+AESGCM:EECDH+AES256;

         ssl_session_cache shared:TLS:2m;
         ssl_buffer_size 4k;

         # OCSP stapling
         ssl_stapling on;
         ssl_stapling_verify on;
         resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]; # Cloudflare

         # Set HSTS to 365 days
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
     }

Regards,
Fadjar

Same problem, it doesn’t work. I’m using nginx/1.25.3

Check the browser network console: which requests are failing and how?