For the past week or so, I’ve been seeing occasional “unauthorized” messages in the Grafana webpage, and this line in the log:
logger=context userId=0 orgId=0 uname= t=2023-12-02T17:32:43.894792407Z level=info msg=“Request Completed” method=GET path=/api/live/ws status=401 remote_addr=172.24.80.239 time_ms=0 duration=676.986µs size=40 referer= handler=/api/live/ws
I think this may have started when I enabled https and OAuth in the Grafana config, but I’m not completely sure. Is there some additional config required to make this “live” websocket connection work? I’m not even using Grafana Live so I wouldn’t mind simply disabling it too if I could find a way to do that.
I’ve configured the following environment variables in Docker which may be relevant. (Redacted for privacy.)
- GF_SERVER_CERT_FILE=
- GF_SERVER_CERT_KEY=
- GF_SERVER_DOMAIN=
- GF_SERVER_ENFORCE_DOMAIN=false
- GF_SERVER_PROTOCOL=https
- GF_SERVER_ROOT_URL=
- GF_SECURITY_COOKIE_SECURE=true
- GF_AUTH_DISABLE_LOGIN_FORM=true
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
- GF_AUTH_GENERIC_OAUTH_API_URL=
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET__FILE=
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
- GF_AUTH_GENERIC_OAUTH_SCOPES=email openid profile
- GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=
