Sanitizing Proxy for Public Access

OK, here is an idea that is probably utterly hair-brained but maybe (just maybe) could be a way forward.

We all know that allowing public access to Grafana is to expose all your backend metrics, but it would be lovely to be able to allow anyone to see certain dashboards.

Would it make sense to have a proxy server that is configured to allow access to certain dashboards and that does not pass the user’s request to grafana, but instead uses the user’s request to map to a dashboard url.
So for example a user requests and the proxy is configured to receive that request, translate it into which it requests then passes the result back to the user’s browser.
The proxy would simply hand back an error page if the requested url is not mapped to a dashboard.
It would need a config file with request->dashboard mappings.

Could that work, or is the happiness of Friday afternoon getting to me and I’m being monumentally stupid?



It seems to be over complicated. Use some auth proxy (OIDC, SAML, basic auth, …) and just whitelist resources (dashboards) which need unauthenticated (public) access. Of course you will need to whitelist datasources (/api/datasources/*) => it will protect only dashboards, but not data.

Protecting data is the point of the exercise, hence the over-complication.

How your public dashboards load data? Answer: from public (unauthenticated) datasource => you won’t be able to protect data.

Thanks for taking the time to indulge my wild fantasies. Having had the weekend to reflect on this I think I see the flaw in the idea.

As I understand it, data sources are exposed because a user can craft their own URL with their own query and thus grab all the available data. My idea of a sanitizing proxy would be to strip out any ad-hoc queries and only allow pre-approved URLs to make it through to Grafana.

However, thinking about it this would break Grafana? On loading a dashboard the user’s browser has to make several dozen URL requests in order to get the images and widgets and everything else, and the proxy would block these unless we put in a LOT of work to identify them and allow them through.

I guess Monday morning is a more sober time than Friday afternoon. I think I’ll set up a separate Grafana with JUST the datasource I want to be made public.