From 1b44b20289dddd924fe79a042eec72b509ba025c Mon Sep 17 00:00:00 2001 From: Kristian Lyngstol Date: Wed, 23 Nov 2016 13:46:52 +0100 Subject: Use proxy for grafana-authentication --- build/test/gondul-grafana-test.Dockerfile | 2 ++ extras/misc/varnish-auth.vcl | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 extras/misc/varnish-auth.vcl diff --git a/build/test/gondul-grafana-test.Dockerfile b/build/test/gondul-grafana-test.Dockerfile index 9a433df..be808d3 100644 --- a/build/test/gondul-grafana-test.Dockerfile +++ b/build/test/gondul-grafana-test.Dockerfile @@ -8,6 +8,8 @@ ENV GF_DATABASE_NAME grafana ENV GF_DATABASE_USER grafana ENV GF_DATABASE_PASSWORD grafana ENV GF_DATABASE_SSL_MODE require +ENV GF_AUTH_PROXY_ENABLED true +ENV GF_AUTH_DISABLE_LOGIN_FORM true ENV GF_EXTERNAL_IMAGE_STORAGE_PROVIDER internal ENV GF_EXTERNAL_IMAGE_STORAGE_S3_BUCKET_URL http://grafana.situla.bitbit.net/ ENV GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY 8KMMX9F3VZZ6MAZOGFF6-yes-I-knw diff --git a/extras/misc/varnish-auth.vcl b/extras/misc/varnish-auth.vcl new file mode 100644 index 0000000..c73e3ad --- /dev/null +++ b/extras/misc/varnish-auth.vcl @@ -0,0 +1,26 @@ +# Example auth-config for varnish + gondul +# Stick this in the data/ directory and Varnish will use it. +# Unless you set X-Webauth-User, grafana will not work. +# The username/password can be generated with echo -n foo:bar | base64 + +acl white { + "127.0.0.0"/8; + "172.16.0.0"/12; + "192.168.0.0"/16; + "10.0.0.0"/8; +} + +sub vcl_recv { + if (client.ip !~ white && req.http.Authorization != "Basic Zm9vOmJhcg==") { + return(synth(401)); + } else { + unset req.http.Authorization; + set req.http.X-Webauth-User = "admin"; + } +} + +sub vcl_synth { + if (resp.status == 401) { + set resp.http.WWW-Authenticate = {"Basic realm="WHAT .... is your favorite color?""}; + } +} -- cgit v1.2.3