-
What Grafana version and what operating system are you using?
Grafana 9.3.1 -
What are you trying to achieve?
After update to Grafana 9.3.1 from 9.2.6. -
How are you trying to achieve it?
-
What happened?
login URL in nav menu item “Sign In” is wrong – missing the subpath. The site is behind a proxy. Although all other menu URLs are correct for example: https://domain.com/charts/dashboards" for Dashboards, the “Sign In” link is “https:/domain.com/?orgId=1&forceLogin=true” without the “charts/” subpath.
First nav menu item (the one with the grafana logo) promotes to correct login url: “https://domain.com/charts/login”. -
What did you expect to happen?
-
Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
No errors in logs
:Hi @terawgm,
Welcome to the 
community support forums !!
Can you please share your:
1- Grafana configuration file
2- Proxy configuration file
3- Proxy based on Apache or Nginx?
Thanks
- I have change only some values from the default conf file, which are:
################################## Server ###############################
[server]
#Protocol (http, https, h2, socket)
protocol = https
#The public facing domain name used to access grafana from a browser
domain = site1.domain.com
#The full public facing url you use in browser, used for redirects and emails
#If you use reverse proxy and sub path specify full url (with sub path)
root_url = https://site1.domain.com/charts/
#Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
serve_from_sub_path = true
#Log web requests
router_logging = true
#https certs & key file
cert_file = /etc/grafana/cert.pem
cert_key = /etc/grafana/key.pem
################################# Security ##################################
[security]
#default admin user, created on startup
admin_user = admin
#set to true if you host Grafana behind HTTPS. default is false.
cookie_secure = true
#set to true if you want to allow browsers to render Grafana in a frame, iframe, embed or object. #default is false.
allow_embedding = true
#################################### Anonymous Auth ######################
[auth.anonymous]
#enable anonymous access
enabled = true
#specify organization name that should be used for unauthenticated users
org_name = Main Org.
#specify role for unauthenticated users
org_role = Viewer
############################# Grafana Live ###################################
[live]
#allowed_origins is a comma-separated list of origins that can establish connection with Grafana Live.
#If not set then origin will be matched over root_url. Supports wildcard symbol "*".
allowed_origins = *
- Apache VH conf file
<VirtualHost *:443>
ServerAdmin site1-webmasters@domain.com
ServerName site1.domain.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/site1.crt
SSLCertificateKeyFile /etc/ssl/private/site1.key
AddDefaultCharset UTF-8
RewriteEngine On
# Make necessary changes below if php is not needed
# php_admin_value engine off
# Would this work without /tmp???
php_admin_value open_basedir /var/www/site1:/tmp
DocumentRoot /var/www/site1
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/site1>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
#RequestHeader set Host "site1.domain.com" #didn't work#
ProxyRequests Off
ProxyPreserveHost Off
# ProxyPreserveHost On #didn't work#
SSLProxyEngine On
<Location "/charts/">
#Header set Access-Control-Allow-Origin "*" #didn't work#
ProxyPass "https://site2.domain.com:3000/"
ProxyPassReverse "https://site2.domain.com:3000/"
</Location>
ErrorLog /var/log/apache2/site1/site1-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# The below line is not needed since the 'vhosts_common' format is defined
# in /etc/apache2/conf-available/domain-logformat and enable at 'conf-enabled'
#LogFormat "%v:%p %h %l %u %t:%{ms}Tms PID:%P \"%r\" %>s %O %T \"%{Referer}i\" \"%{User-Agent}i\" \"%U\" \"%q\" IO:%I/%O" vhosts_common
CustomLog /var/log/apache2/site1/site1-access.log vhosts_common
CustomLog "|/usr/bin/logger -p local6.info" vhosts_common
</VirtualHost>
- Apache on Debian
Same
Nginx conf
location /grafana/ {
rewrite ^/grafana/(.*) /$1 break;
alias /usr/share/grafana/;
access_log /var/log/nginx/grafana_access.log main;
error_log /var/log/nginx/grafana_error.log;
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $http_host;
}
location /grafana/api/live/ {
rewrite ^/grafana/(.*) /$1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:3000;
}
Please check this post as I think it might help you to narrow it down when configuring a reverse proxy for Grafana.
Let us know if this helps.
Hello dear team,
I’m facing the same issue : after having migrated from 9.2.6 to 9.3.1, I lost my signing configuration that was working behind a Traefik proxy.
Here is a part of my Dockerfile configuration:
- GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_BASIC_ENABLED=false
- GF_ENABLE_GZIP=true
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_PROTOCOL=https
- GF_SERVER_DOMAIN=test.example.com
- GF_SERVER_ENFORCE_DOMAIN=true
- GF_SERVER_ROOT_URL=https://test.example.com/grafana
- GF_SERVER_SERVE_FROM_SUB_PATH=true
Before the migration, the Sign In link redirected me to https://test.example.com/grafana?orgId=1&forceLogin=true
This was working fine as my Traefik config matches to PathPrefix ‘/grafana’
After the migration, the Sign In link redirects me to https://test.example.com/?orgId=1&forceLogin=true
The subpath /grafana doesn’t appear anymore in the Sign In link and of course, my proxy sends me back a 404.
Please note that it’s not related to my Traefik configuration as it worked when I downgraded to 9.2.6 version of Grafana.
Any idea how to fix that point ?
Thanks for your help.
Vivien
Hi @vivienjacob and others too,
Well, I cannot find the reason that causes this and do not have different lab environments e.g. Trafeik Proxy.
So recommend that you can kindly open a bug report about this in our official GitHub repository using this link.
Provide all the information (you can simply copy/paste your data + screenshot from here to there).
Lastly, paste the link to your GitHub issue here so that all other community users can also track it.
I opened a issue on GitHub because I ran into exactly the same problem and searched some hours for a solution without success.
Link: Missing subpath on 'Sign In' navigation item behind proxy · Issue #63355 · grafana/grafana · GitHub
The previously opened issue was closed and they reopened an issue which points to this problem in v9.3.0.