I’m trying to setup Grafana behind our API Gateway that modifies the requests.
For Tempo I was able to set the subpath via the api prefix http_api_prefix: "/internal_tempo_name" but I didn’t manage to do this for Grafana.
- How are you trying to achieve it?
- Our domain is
grafana.external.com this is the url received by the api gateway
- The gateway transforms this to
internal.com/grafana
I’ve tried to set
GF_SERVER_DOMAIN = "grafana.example.com"
GF_SERVER_ROOT_URL = "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
GF_SERVER_SERVE_FROM_SUB_PATH = true
Which allowed me to access it via internal.com/grafana but not via grafana.external.com
- What did you expect to happen?
I expected it to be also available from grafana.external.com
- Can you copy/paste the configuration(s) that you are having problems with?
See above. I’ve only tried it with these 3 variables set.
- Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
The grafana UI works when accessed via the internal URL but not with the outside url.
- Did you follow any online instructions? If so, what is the URL?
I’ve looked up the configuration here: Run Grafana behind a reverse proxy | Grafana Labs
It feels like my issue is that the root url specifies both internal and external url. I always want to forward to the external url but expect traffic at the internal url.
Is there any way to configure my use case?
Title mentions Redirecting Gateway, but later you mention API Gateway. Is it AWS API Gateway? How is that Gateway configured?
Does Grafana work without Gateway correctly?
Thanks for the quick reply!
You are absolutely right. It’s an AWS gateway that does the following:
For incoming requests to
grafana.external.com we match the whole route with /{endpoint+} and send it to internal.com/grafana/{endpoint}
Internal is just short for our load balancer url so whenever I access the grafana instance via https://internal.com/grafana/login it works.
But if I try to use the external URL it tries to redirect to grafana.external.com/grafana/login.
Which kind of makes sense based on the root url config right?
I’ve added an additional route to the gateway in aws with /grafana/{endpoint+} and now it works also externally but now the grafana part is duplicated which is what we would like to avoid.
I would want it to be the url but without the grafana part i.e.grafana.external.com/login
I hope this explains the situation a bit better.
Yes, but that this is not a Grafana issue. This is configuration of your AWS API Gateway first. You need to check with your AWS support how you can “rewrite” url, so you will have “the url but without the grafana part i.e.grafana.external.com/login”
Maybe I didn’t get it correctly but we’re currently doing url rewrites from the incoming /+ to internal /grafana/+.
I think the problem is with grafana because the links it generates are grafana.external.com/grafana/login instead of grafana.external.com/login
And we also need that because all our internal services are at /service-name/ but externally use service-name.external.com
Additional note:
And having the GF_SERVER_SERVE_FROM_SUB_PATH variable set even adds the path specified in the root url so if I try to access it via grafana.external.com/login grafana will automatically forward me to the url with the additional grafana.external.com/grafana/login part, right?
We will most likely switch to a new system that doesn’t force us to append the service name and instead select the correct service by passing a header.
Still I would be interested in the feature where grafana expects data at /grafana and generates links at /
