Switch Grafana to OIDC from proxy auth
parent
9d5aeeec96
commit
0ceb513216
@ -26,7 +26,7 @@ job "grafana" {
|
|||||||
tags = [
|
tags = [
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.http.routers.grafana.entryPoints=websecure",
|
"traefik.http.routers.grafana.entryPoints=websecure",
|
||||||
"traefik.http.routers.grafana.middlewares=authelia@nomad",
|
# "traefik.http.routers.grafana.middlewares=authelia@nomad",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -162,6 +162,7 @@ GF_SMTP_PASSWORD={{ .smtp_password }}
|
|||||||
GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY={{ .minio_access_key }}
|
GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY={{ .minio_access_key }}
|
||||||
GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY={{ .minio_secret_key }}
|
GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY={{ .minio_secret_key }}
|
||||||
GRAFANA_ALERT_EMAIL_ADDRESSES={{ .alert_email_addresses }}
|
GRAFANA_ALERT_EMAIL_ADDRESSES={{ .alert_email_addresses }}
|
||||||
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ .oidc_secret }}
|
||||||
{{ if .db_name -}}
|
{{ if .db_name -}}
|
||||||
# Database storage
|
# Database storage
|
||||||
GF_DATABASE_TYPE=mysql
|
GF_DATABASE_TYPE=mysql
|
||||||
|
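Review bot: Commenting out `traefik.http.routers.grafana.middlewares=authelia@nomad` in the first hunk's `tags` list leaves the `grafana` router with no forward-auth, so Grafana's own auth configuration is now the only gate on the `websecure` entry point. That suits OIDC, but it is only safe while `[auth.proxy]` stays disabled, because nothing in front of Grafana sets or strips the `Remote-User` header any more. The commit does disable it, so I would replace the commented-out tag with a comment recording that coupling, e.g. `# No authelia middleware: Grafana does OIDC itself; [auth.proxy] must stay disabled while this is off`. Anonymous access and basic auth should also be confirmed as intended, since those settings are not visible on this page. The `job "grafana"` block starts and ends outside the hunk.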
@ -258,15 +258,20 @@ log_queries =
|
|||||||
|
|
||||||
#################################### Generic OAuth ##########################
|
#################################### Generic OAuth ##########################
|
||||||
[auth.generic_oauth]
|
[auth.generic_oauth]
|
||||||
;enabled = true
|
enabled = true
|
||||||
;name = Cloudron
|
name = Authelia
|
||||||
;allow_sign_up = true
|
;allow_sign_up = true
|
||||||
;client_id = some_id
|
client_id = grafana
|
||||||
;client_secret = some_secret
|
client_secret = from_env
|
||||||
;scopes = user:email,read:org
|
scopes = openid profile email groups
|
||||||
;auth_url = https://foo.bar/login/oauth/authorize
|
auth_url = https://authelia.thefij.rocks/api/oidc/authorization
|
||||||
;token_url = https://foo.bar/login/oauth/access_token
|
token_url = https://authelia.thefij.rocks/api/oidc/token
|
||||||
;api_url = https://foo.bar/user
|
api_url = https://authelia.thefij.rocks/api/oidc/userinfo
|
||||||
|
login_attribute_path = preferred_username
|
||||||
|
groups_attribute_path = groups
|
||||||
|
name_attribute_path = name
|
||||||
|
use_pkce = true
|
||||||
|
|
||||||
;team_ids =
|
;team_ids =
|
||||||
;allowed_organizations =
|
;allowed_organizations =
|
||||||
|
|
||||||
@ -282,7 +287,7 @@ log_queries =
|
|||||||
#################################### Auth Proxy ##########################
|
#################################### Auth Proxy ##########################
|
||||||
[auth.proxy]
|
[auth.proxy]
|
||||||
{{ with nomadService "traefik" -}}
|
{{ with nomadService "traefik" -}}
|
||||||
enabled = true
|
enabled = false
|
||||||
header_name = Remote-User
|
header_name = Remote-User
|
||||||
header_property = username
|
header_property = username
|
||||||
auto_sign_up = true
|
auto_sign_up = true
|
||||||
|
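Review bot: Nothing in the new `[auth.generic_oauth]` lines limits who gets a Grafana account or which role they receive. `;allow_sign_up = true` is left commented, and as far as I know Grafana's default for this provider is to allow sign-up, while `groups_attribute_path = groups` only reads the groups claim without using it for authorization. If not every Authelia user should land in Grafana, add an explicit gate such as `allowed_groups = <GROUP_PLACEHOLDER>` and/or a `role_attribute_path` expression, or confirm the restriction is enforced by the Authelia client policy, which is not visible here. Separately, `client_secret = from_env` is a literal value that only works because `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` overrides it. A comment above it such as `; placeholder, overridden by GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET from the job's env template` would make that dependency explicit.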