grafana/devenv/docker/blocks/auth/nginx_proxy/nginx.conf

events { worker_connections 1024; }

http {
  sendfile on;

  proxy_redirect     off;
  proxy_set_header   Host $host:$server_port;
  proxy_set_header   X-Real-IP $remote_addr;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header   X-Forwarded-Host $server_name;

  server {
    listen 8090;

    ###############################################################
    #  Location is under the sub path /grafana/. We need to update the
    #  config.ini file accordingly.
    #  [server]
    #  root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana/
    ###############################################################
    location /grafana/ {
      ################################################################
      # Enable these settings to test with basic auth and an auth proxy header
      # the htpasswd file contains an admin user with password admin and
      # user1: grafana and user2: grafana
      ################################################################

      auth_basic "Restricted Content";
      auth_basic_user_file /etc/nginx/htpasswd;
      # Remove the authentication header meant for NGINX
      proxy_set_header "Authorization" "";

      ################################################################
      # To use the auth proxy header, set the following in custom.ini:
      # [auth.proxy]
      # enabled = true
      # header_name = X-WEBAUTH-USER
      # header_property = username
      # enable_login_token = false
      ################################################################

      proxy_set_header X-WEBAUTH-USER $remote_user;

      proxy_pass http://host.docker.internal:3000/;
    }
  }
}