Nginx+Lua实现Grafana集成SSO

基本思路

Grafana开auth.proxy, Nginx+Lua控制cookie及X-WEBAUTH-USER的值 (Enable auth.proxy in Grafana, Then use Nginx+Lua to control cookie and value of X-WEBAUTH-USER).

架构图

环境配置

  • Download and install LuaJIT
  • Install Tengine 2.2.1 with configure option --with-http_lua_module --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB"
  • Download and compile lua-cjson, then copy cjson.so to lib dir. Such as /usr/lib64/lua/5.1/

Nginx配置

Main Configuration

Access With Out SSO

某种情况下可能不想挑转到sso去认证,比如某个公共的本地账号。这时可以通过Nginx配置绕过SSO认证(Sometimes we may want to login with out SSO, such as a local grafana account for public use. For this situation, we can use Nginx to bypass SSO)

Full Code

参考资料


10 thoughts on “Nginx+Lua实现Grafana集成SSO

  1. 单点登录认证成功后,仍旧跳到observer login界面,收到去掉网址中的/login就显示已经登录了,这是为什么呢?是grafana配置有什么设置吗

回复 annhe_net 取消回复

您的电子邮箱地址不会被公开。 必填项已用*标注