SOLVED Cloudron v6.2.4 - Nginx Access-Control-Allow-Origin Policy blocks Grafana to access Prometheus
Tested on Cloudron v6.2.4:
Install Grafana, install Prometheus.
Add Prometheus in Grafana as Datasource.
Unknown error during query transaction. Please check JS console logs.
> Access to fetch at 'https://prometheus.domain.tld./login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765' (redirected from 'https://grafana.domain.tld/api/datasources/proxy/5/api/v1/query?query=1%2B1&time=1615638775.765') from origin 'https://grafana.domain.tld' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. > tti-polyfill.js:4 GET https://prometheus.domain.tld/login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765 net::ERR_FAILED
Testing this on Cloudron v.6.1.2 with no problems.
I tried looking into the diff of Box
Found this line
- add_header Referrer-Policy "same-origin"; + proxy_hide_header Referrer-Policy;
Then I tried to edit
/etc/nginx/applications/default.confand the both apps from Grafana and Prometheus to add cors:
Nothing worked, I am clueless.
@brutalbirdie CORS headers are set by the app, it shouldn't be platform related. So, if Grafana cannot access prometheus, it's because prometheus needs some CORS setting.
It seems one can set --web.cors.origin as per https://manpages.debian.org/unstable/prometheus/prometheus.1.en.html . I guess we have to fix the Cloudron package to have CLI args.
My problem with that is, both Grafana and Prometheus did not get updated for 2 weeks on the
Prometheus Server 2.25.0
They did not change but the version of Cloudron got upgraded from
v6.2.4that's the only thing that changed.
@brutalbirdie Nothing has changed in the reverse proxy configs other than referrer-policy. So, I am surprised that it worked before. I can only think of some app update causing a problem.
@brutalbirdie I haven't tried this yet. Do you know if this setup requires basic auth to work in the apps?
@girish Good question.
Since prometheus does use
proxyAuthand grafana tries to auth via basic auth.
Could this be a problem? I think I've read something on the forum about a problem with
@brutalbirdie yes, that is most likely the issue. Let me try to push a fix.
@brutalbirdie I have enabled it in package v1.4.1 . Can you please try?
@girish On it.
Neat! This fixed it. Big thanks for the uddate.