Multiple root_urls for grafana

In our setup, we have setup grafana to be accessible via two URLs (one while on VPN and other publicly but whitelisted to certain locations). We also have SSO enabled via generic OUATH against keycloak.
Let us assume the domains are external-domain.io and internal-domain.co.uk.
I have currently set the root_url to external url, as a result if the users try to use internal-domain url - when on the VPN - it redirects them to external url and they are not able to access. Users can manually change the URL (that contains the token), by replacing “external-domain” with “internal-domain” and it works. However, i wanted to know what is the right way to fix this so grafana works flawlessly for users regardless of whether they are using the external or internal URL.

This is not supported. Can only be accessible from one url

Don’t know exactly how your (company) network looks like but since @torkel stated it’s not supported I would create a pinpoint DNS zone and point it to the internal IP of your Grafana instance…

I just stumbled across this thread as I had the same problem.
Although graphana itself does not support two domains, this can be achieved with a smart proxy which does some rewriting on the second domain:

On the machine which runs grafana which is available under your the internal domain (lets say machine-a.my-company.com/grafana), use the standard NGINX configuration. In the NGINX of your external domain specify the following:

upstream recommender {
    server machine-a:443;
} 
server {
    location /grafana/ {
        proxy_pass https://machine-a;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Host machine-a.my-company.com;
        proxy_redirect https://machine-a.my-company.com/ /;
        gzip off;
    }
}

The proxy_pass basically does the trick. Grafana should now be available under whatever domain the seconda proxy is reachable too, as long as the second proxy has access to the original host.

1 Like