How to keep Auth proxy and regular login enabled?

matthewwilliamsonsd · July 4, 2019, 11:09am

I played about with this in Nginx and the way I came up with was to add a subdomain that didn’t include any of the auth proxy. This should be a MWE.

nginx.conf

http {
    server {
	    listen 80;
	    server_name admin.example.com;

	    location /grafana/ {
		    proxy_pass http://grafana.staged-by-discourse.com/;
	    }
    }

    server {
	    listen 80;
	    server_name www.example.com;

	    location /grafana/ {
		    proxy_pass http://grafana.staged-by-discourse.com;
	  	    proxy_set_header X-WEBAUTH-USER test-user;
	    }
    }
}

Grafana.ini

[server]
root_url = http://grafana.staged-by-discourse.com/grafana/

[auth.proxy]
enabled = true
auto_sign_up = false

Which means if I go to www.example.com/grafana/ I’m automatically logged in as my test user, whereas if I use admin.example.com/grafana then I’m shown the login screen.