REST API is always returning 401 Unauthorized in docker on CentOS

I’m having trouble getting the Grafana REST API to work in a docker container on CentOS. All requests to the API always return 401 Unauthorized:

# curl -i http://admin:admin@localhost:3000/api/org
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Content-Type: application/json; charset=UTF-8
Expires: -1
Pragma: no-cache
Set-Cookie: grafana_sess=cec5af221bb4e0b9; Path=/; HttpOnly
Date: Fri, 10 Nov 2017 20:29:47 GMT
Content-Length: 31

  "message": "Unauthorized"

When I check the log for the request, it seems the uname field is empty:

t=2017-11-10T20:24:24+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/api/org status=401 remote_addr= time_ms=0 size=31 referer=

  • I have no trouble loading the web pages.
  • I’ve tried various versions of Grafana from 4.6.1 going back to 4.0.2 and they all return 401 Unauthorized when they run inside containers.
  • I see the same problem whether I run curl from the host OS or whether I shell into the container using docker exec and run the curl.
  • I’ve run the same Grafana versions outside docker, and they all behave properly and return the expected responses.
  • I’ve run some of the docker images inside a docker container on MacOS and they all behave properly.

So it seems to be specific to accessing the Grafana REST API running inside a docker container on CentOS.

Is the host networking somehow stripping off the basic auth information from the URL? Is there maybe some network configuration that would affect this?

I’m really kinda lost here. I appreciate any ideas at all.

OK. My face is red now. Someone edited the docker-compose.yml file to disable basic auth. Re-enable it and everything works fine.

I apologize for my stupidity.