I am considering making a Grafana dashboard available on a public website.
Since the projects here also use Grafana and public dashboards are probably made available more often, I thought I would ask here.
What should be considered?
What is the best way to make Grafana available?
What and how should Grafana be secured?
Other than using Let’s Encrypt to serve public access to the Grafana instance via https://, wrapping it behind an Nginx server with reverse proxy configuration, and using the Grafana configuration settings outlined below, I don’t think we have any special configurations or protections in place. Depending on how your instance will be used, more details may be needed.
You may find the Nginx configuration bits outlined below helpful to allow embedding Grafana panels on other websites/domains than the Grafana instance is running on.
With kind regards,
A few Grafana configuration settings
[analytics]
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
reporting_enabled = false
# Set to false to disable all checks to https://grafana.net
# for new versions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.net to get latest versions
check_for_updates = false

[security]
# When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses which
# will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>.
# The main goal is to mitigate the risk of Clickjacking. Default is false.
allow_embedding = true

[auth.anonymous]
# enable anonymous access
enabled = true
# specify role for unauthenticated users
org_role = Viewer
Configure website security policy to allow embedding
These instructions configure the Nginx webserver to send appropriate HTTP response headers to let defined third-party sites embed Grafana content.
# Policy parameters
# "X-Frame-Options" is deprecated, right?
# add_header X-Frame-Options "allow-from https://getkotori.org/";
# add_header X-Frame-Options "allow-from https://community.hiveeyes.org/";
# "Content-Security-Policy" is used now.
set $CSP "frame-ancestors hiveeyes.org *.hiveeyes.org getkotori.org *.getkotori.org panodata.org *.panodata.org";
add_header Content-Security-Policy $CSP;
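How a browser evaluates the `frame-ancestors` policy from the Nginx snippet above for one embedding site, as an added example that is not part of the original post or the Hiveeyes configuration. The function names are hypothetical, and the matcher is simplified to the scheme-less host sources used in that policy plus `'none'`.

```python
from urllib.parse import urlsplit

# Policy string copied from the Nginx snippet above.
CSP = ("frame-ancestors hiveeyes.org *.hiveeyes.org getkotori.org "
       "*.getkotori.org panodata.org *.panodata.org")
DEFAULT_PORTS = {"http": 80, "https": 443}

def frame_ancestors(csp_header):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp_header.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def host_source_matches(source, origin, resource_scheme="https"):
    """Simplified CSP match of a scheme-less host source against an embedder origin."""
    if source == "*" or ":" in source or "'" in source:
        raise NotImplementedError("only plain host sources are handled here")
    url = urlsplit(origin)
    host = (url.hostname or "").lower()
    # A scheme-less source inherits the scheme of the protected page (Grafana);
    # an https embedder is also accepted when that page is served over http.
    if url.scheme != resource_scheme and not (
            resource_scheme == "http" and url.scheme == "https"):
        return False
    # With no port in the source, only the scheme's default port matches.
    if (url.port or DEFAULT_PORTS.get(url.scheme)) != DEFAULT_PORTS.get(url.scheme):
        return False
    source = source.lower()
    if source.startswith("*."):
        # "*.example.org" covers subdomains only, never the bare domain,
        # which is why the policy lists both forms for every site.
        return host.endswith(source[1:])
    return host == source

def may_embed(csp_header, origin, resource_scheme="https"):
    """True if a page at `origin` may frame a response carrying `csp_header`."""
    sources = frame_ancestors(csp_header)
    if sources is None:
        return True   # CSP places no restriction on framing
    if "'none'" in sources:
        return False
    return any(host_source_matches(s, origin, resource_scheme) for s in sources)
```

A browser applies this check to every ancestor frame, so all of them must pass before the Grafana panel is rendered.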
Please note that the documentation about Luftdaten-Viewer Applications for Debian might be outdated.
When configuring the Hiveeyes package repository at packages.hiveeyes.org, you will only receive the most recent Grafana 6.x release. However, according to the snippet referenced below, Grafana 8.x has been verified to work already.
So, I would recommend getting the most recent Grafana 8 .deb package from upstream at Download Grafana | Grafana Labs to start your installation. I think there is no reason to use Grafana 6 here.
With kind regards,
We recently upgraded to Grafana 9 on one of our servers, and are able to confirm that Panodata Map Panel 0.16.0 is working well.
If you concluded the setup of the system successfully, and managed to put it on a public website, we will be very happy to hear about the outcome on your end.
With kind regards, and a happy new year,