IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-03 20:21:01 -06:00
Code Issues Packages Projects Releases Wiki Activity
dd0e646e92
grafana/docs/sources/setup-grafana/configure-grafana/proxy/index.md
Bruno 58678f5879
Plugins: Add option to disable TLS in the socks proxy (#79246) 
* Plugins: add option to disable TLS in the socks proxy

* fix allow_insecure docs

* upgrade github.com/grafana/grafana-plugin-sdk-go from v0.196.0 to v0.197.0

* fix conflicts
2023-12-14 12:16:32 -03:00

3.1 KiB
Raw Blame History

description keywords labels menuTitle title weight
Learn about proxy datasource connections through a secure socks proxy.
proxy
guide
Grafana
products
enterprise
oss
Configure data source proxy Configure a data source connection proxy 1110

Configure a data source connection proxy

Grafana provides support for proxying data source connections through a Secure Socks5 Tunnel. This enables you to securely connect to data sources hosted in a different network than Grafana.

To make use of this functionality, you need to deploy a socks5 proxy server that supports TLS on a machine exposed to the public internet within the same network as your data source. From there, Grafana establishes a mutually trusted connection from Grafana to the Proxy. Then the Proxy can proxy the Grafana connection to your private server without exposing your data sources to the public internet.

Known limitations

  • You can configure only one socks5 proxy per Grafana instance
  • All built-in core data sources are compatible, but not all external data sources are. For a list of supported data sources, refer to private data source connect.

Before you begin

To complete this task, you must first deploy a socks proxy server that supports TLS, is publicly accessible, and is hosted within the same network as the data source.

Steps

  1. For Grafana to send data source connections to the socks5 server, use the following table to configure the secure_socks_datasource_proxy section of the config.ini:

    Key Description Example
    enabled Enable this feature in Grafana true
    root_ca_cert The file path of the root ca cert /etc/ca.crt
    client_key The file path of the client private key /etc/client.key
    client_cert The file path of the client public key /etc/client.crt
    server_name The domain name of the proxy, used for SNI proxy.grafana.svc.cluster.local
    proxy_address The address of the proxy localhost:9090
    allow_insecure Disable TLS in the socks proxy false

  2. Set up a data source and configure it to send data source connections through the proxy.

    To configure your data sources to send connections through the proxy, enableSecureSocksProxy=true must be specified in the data source json. You can do this in the [API]({{< relref "../../../developers/http_api/data_source" >}}) or use [file based provisioning]({{< relref "../../../administration/provisioning#data-sources" >}}).

    Additionally, you can set the socks5 username and password by adding secureSocksProxyUsername in the data source json and secureSocksProxyPassword in the secure data source json.