In our setup, we have setup grafana to be accessible via two URLs (one while on VPN and other publicly but whitelisted to certain locations). We also have SSO enabled via generic OUATH against keycloak.
Let us assume the domains are external-domain.io and internal-domain.co.uk.
I have currently set the root_url to external url, as a result if the users try to use internal-domain url - when on the VPN - it redirects them to external url and they are not able to access. Users can manually change the URL (that contains the token), by replacing “external-domain” with “internal-domain” and it works. However, i wanted to know what is the right way to fix this so grafana works flawlessly for users regardless of whether they are using the external or internal URL.
This is not supported. Can only be accessible from one url
Don’t know exactly how your (company) network looks like but since @torkel stated it’s not supported I would create a pinpoint DNS zone and point it to the internal IP of your Grafana instance…
I just stumbled across this thread as I had the same problem.
Although graphana itself does not support two domains, this can be achieved with a smart proxy which does some rewriting on the second domain:
On the machine which runs grafana which is available under your the internal domain (lets say machine-a.my-company.com/grafana), use the standard NGINX configuration. In the NGINX of your external domain specify the following:
upstream recommender {
server machine-a:443;
}
server {
location /grafana/ {
proxy_pass https://machine-a;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host machine-a.my-company.com;
proxy_redirect https://machine-a.my-company.com/ /;
gzip off;
}
}
The proxy_pass basically does the trick. Grafana should now be available under whatever domain the seconda proxy is reachable too, as long as the second proxy has access to the original host.
Sorry for hijacking the thread, but I thought since this is exactly my problem it’d be okay.
I’m currently running 2 instances of Grafana (One Live and One for testing)
The Live one is running v8.1.4
I have a setup that I have multiple NGinx Server blocks (like vHosts) pointing to the same instance, e.g.
are all pointing to the same Grafana Instance, just that each person has his own login and with that login sees a different Org / His own dashboards. In the Dashboards, I have a table widget with Links. I have defined the Links in the table as
d/XXX/dashboard_name?&var-name=${__data.fields[0]}
No Problem with that, navigating through the different dashboards using those links works fine.
Now on the Dev Instance I updated to Grafana v9.3.2 and now suddenly when clicking a link in the table I get sent to community.grafana.com/XXX (Which is what’s configured in the grafana.ini file since I have multiple DNS entries pointing to the same instance). I also tried to change the Link in the Table to
https://personb.domain.com/d/XXX/dashboard_name?&var-name=${__data.fields[0]}
and also tried to clear the browser cache, but I still get pointed to the community.grafana.com
My NGinx Config looks like this:
server_name persona.domain.com;
underscores_in_headers on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50M;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
location / {
proxy_pass "http://docker_container:3000/";
proxy_http_version 1.1;
proxy_set_header Host $host:$server_port;
proxy_cache_bypass $http_upgrade;
}
Does anyone have an idea why the setup stopped working with the migration from v8 to v9? Would like to move the live instance to v9 as well but will keep it v8 for now due to this issue.
Thanks for any suggestions, or do I need to share more information?