Ankündigung

Einklappen

Hinweis

Die Forenregeln wurden überarbeitet (Stand 7.11.22). Sie sind ab sofort verbindlich. Wir bitten um Beachtung.
Mehr anzeigen
Weniger anzeigen

Grafana + Smartvisu + https

Einklappen
X
 
  • Filter
  • Zeit
  • Anzeigen
Alles löschen
neue Beiträge

    Grafana + Smartvisu + https

    Hallo miteinander,

    mein Problem hat zwar eigentlich nichts mit Smartvisu zu tun,
    aber vielleicht kann mir trotzdem jemand helfen...

    Mein Ziel: Ein Grafana Dashboard in Smartvisu einbinden.

    Ich greife auf meine Visu über https zu. (https://meine.domain/smartVISU)
    Wenn ich jetzt das iframe einbinden möchte, kommt in der Konsole folgender Fehler:
    Code:
    Mixed Content: The page at 'https://meine.domain/smartVISU/index.php?page=Stromverbrauch' was loaded over HTTPS, but requested an insecure frame 'http://192.168.1.13:3000/d/GW05tggRk/stromverbrauch?orgId=1&from=1667299075585&to=1667299375585'. This request has been blocked; the content must be served over HTTPS.
    Jetzt wollte ich Grafana auf https umstellen und hab die grafana.ini so bearbeitet:
    Code:
    instance_name = meine.domain
    
    [server]
    # Protocol (http, https, h2, socket)
    protocol = http
    
    # The ip address to bind to, empty will bind to all interfaces
    ;http_addr =
    
    # The http port  to use
    http_port = 3000
    
    # The public facing domain name used to access grafana from a browser
    ;domain = localhost
    domain = meine.domain
    
    # Redirect to correct domain if host header does not match domain
    # Prevents DNS rebinding attacks
    enforce_domain = true
    
    # The full public facing url you use in browser, used for redirects and emails
    # If you use reverse proxy and sub path specify full url (with sub path)
    ;root_url = %(protocol)s://%(domain)s:%(http_port)s/
    root_url = https://meine.domain/grafana
    ​
    Und meine nginx Konfig so geändert (nur der untere Teil mit /grafana) :

    Code:
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
            
    
            return 403;
        include /etc/nginx/snippets/letsencrypt.conf;
     }
    
    server {
        server_tokens off;
        
        ## Blocken, wenn Zugriff aus einem nicht erlaubten Land erfolgt ##
        if ($allowed_country = no) {
            return 403;
        }    
        
        # https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
        ## Block download agents ##
        if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
            return 403;
        }
    
        ## Block some robots ##
        if ($http_user_agent ~* msnbot|scrapbot) {
            return 403;
        }
    
        ## Deny certain Referers ##
        if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
        {
            return 403;
        }
    
        listen 443 ssl default_server;
        server_name meine.domain
    
        ##
        # SSL
        ##
    
        ssl on;
        ssl_certificate /etc/letsencrypt/live/meine.domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/meine.domain/privkey.pem;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_ciphers    HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!RC4;
    
        add_header Strict-Transport-Security "max-age 31536000; includeSubDomains";
    
        ##
        # global
        ##
    
        root /var/www/html/meine.domain;
        index index.php index.htm index.html;
    
      location / {
            
        satisfy any;
        allow 176.120.163.245/24;
        deny all;    
    
        auth_basic "Restricted Area: smartVISU";
            auth_basic_user_file /etc/nginx/htpasswd.smartvisu;
    
        # Zugreifendes Land erlaubt?
            if ($allowed_country = no) {
                    return 403;
            }
            
            # Nur Websocket Verbindungen gegen "/" durchlassen!
            if ($http_upgrade = websocket) {
                    
                    proxy_pass http://192.168.1.13:2424;
            }
            if ($http_upgrade != websocket) {
                    return 403;
            }
        }
    
      
    
      location /smartVISU {
    
        satisfy any;
        allow 176.120.163.245/24;
        deny all;
                
        auth_basic "Restricted Area: smartVISU";
            auth_basic_user_file /etc/nginx/htpasswd.smartvisu;
    
        # Zugreifendes Land erlaubt?
            if ($allowed_country = no) {
                    return 403;
            }
                
        proxy_pass http://192.168.1.13/smartVISU;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
        
        
      
    
      location /alexa {
            auth_basic "Restricted Area: Alexa";
            auth_basic_user_file /etc/nginx/htpasswd.alexa;
    
        # Zugreifendes Land erlaubt?
            if ($allowed_country = no) {
                    return 403;
            }
    
            proxy_pass http://192.168.1.13:9000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }  
    
      location /shng {
            auth_basic "Restricted Area: SmartHomeNG";
            auth_basic_user_file /etc/nginx/htpasswd.shng;
    
            if ($allowed_country = no) {
                    return 403;
                    break;
            }
            proxy_pass http://192.168.1.13:8888/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
      
      location /grafana {
            
    
            if ($allowed_country = no) {
                    return 403;
                    break;
            }
            proxy_pass http://192.168.1.13:3000/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto “https”;
        }
    
    }​
    Wenn ich jetzt https://meine.domain/grafana im Browser versuche, kommt folgende Meldung:
    Code:
    [B]If you're seeing this Grafana has failed to load its application files[/B]
    
    
    
    1. This could be caused by your reverse proxy settings.
    
    2. If you host grafana under subpath make sure your grafana.ini root_url setting includes subpath. If not using a reverse proxy make sure to set serve_from_sub_path to true.
    
    3. If you have a local dev build make sure you build frontend using: yarn start, yarn start:hot, or yarn build
    
    4. Sometimes restarting grafana-server can help
    
    5. Check if you are using a non-supported browser. For more information, refer to the list of [URL="https://grafana.com/docs/grafana/latest/installation/requirements/#supported-web-browsers"]supported browsers[/URL].
    ​
    Hat jemand das gleiche Vorhaben erfolgreich umgesetzt,
    oder weiß jemand, wo der Fehler liegt?

    Schöne Grüße, Max

    Edit: Problem gelöst. In der grafana.ini hat der Eintrag
    Code:
    serve_from_sub_path = true​
    gefehlt.
    Zuletzt geändert von Max2612; 01.11.2022, 14:29.
Lädt...
X