Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Cloudron v6.2.4 - Nginx Access-Control-Allow-Origin Policy blocks Grafana to access Prometheus

Scheduled Pinned Locked Moved Solved Support
proxyauth
12 Posts 2 Posters 2.0k Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    wrote on last edited by girish
    #1

    Tested on Cloudron v6.2.4:

    Install Grafana, install Prometheus.
    Add Prometheus in Grafana as Datasource.
    Get:

    Unknown error during query transaction. Please check JS console logs.
    
    > Access to fetch at 'https://prometheus.domain.tld./login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765' (redirected from 'https://grafana.domain.tld/api/datasources/proxy/5/api/v1/query?query=1%2B1&time=1615638775.765') from origin 'https://grafana.domain.tld' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
    > tti-polyfill.js:4 GET https://prometheus.domain.tld/login?redirect=/api/v1/query?query=1%2B1&time=1615638775.765 net::ERR_FAILED
    

    5697335b-f015-4b63-9801-93273982c911-image.png

    Testing this on Cloudron v.6.1.2 with no problems.

    b7c55ce5-93b0-4a01-8a78-03f510f22203-image.png

    Like my work? Consider donating a drink drink. Cheers!

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by
    #2

    I tried looking into the diff of Box v6.1.2 and v6.2.4

    https://git.cloudron.io/cloudron/box/-/compare/v6.1.2...v6.2.4

    Found this line

    https://git.cloudron.io/cloudron/box/-/compare/v6.1.2...v6.2.4#65b4484c1d799a34df752a8f7b9be90aca54aef6_98_98

    - add_header Referrer-Policy "same-origin";
    + proxy_hide_header Referrer-Policy;
    

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

    Then I tried to edit /etc/nginx/applications/default.conf and the both apps from Grafana and Prometheus to add cors:

    https://enable-cors.org/server_nginx.html

    Nothing worked, I am clueless.

    Like my work? Consider donating a drink drink. Cheers!

    girishG 1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to BrutalBirdie on last edited by
    #3

    @brutalbirdie CORS headers are set by the app, it shouldn't be platform related. So, if Grafana cannot access prometheus, it's because prometheus needs some CORS setting.

    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    wrote on last edited by
    #4

    It seems one can set --web.cors.origin as per https://manpages.debian.org/unstable/prometheus/prometheus.1.en.html . I guess we have to fix the Cloudron package to have CLI args.

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to girish on last edited by
    #5

    @girish
    My problem with that is, both Grafana and Prometheus did not get updated for 2 weeks on the v6.2.4 instance.
    Grafana 7.4.3 and Prometheus Server 2.25.0
    They did not change but the version of Cloudron got upgraded from v6.1.2 => v6.2.4 that's the only thing that changed.

    Like my work? Consider donating a drink drink. Cheers!

    girishG 1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to BrutalBirdie on last edited by
    #6

    @brutalbirdie Nothing has changed in the reverse proxy configs other than referrer-policy. So, I am surprised that it worked before. I can only think of some app update causing a problem.

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to girish on last edited by
    #7

    @girish Yes I'm also very confused about this issue.
    And also that no one else reported this so far.

    Did you test said issue and could replicate it @girish?

    Like my work? Consider donating a drink drink. Cheers!

    girishG 1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to BrutalBirdie on last edited by
    #8

    @brutalbirdie I haven't tried this yet. Do you know if this setup requires basic auth to work in the apps?

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to girish on last edited by
    #9

    @girish Good question.
    Since prometheus does use proxyAuth and grafana tries to auth via basic auth.
    Could this be a problem? I think I've read something on the forum about a problem with proxyAuth?

    Like my work? Consider donating a drink drink. Cheers!

    girishG 2 Replies Last reply
    1
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to BrutalBirdie on last edited by
    #10

    @brutalbirdie yes, that is most likely the issue. Let me try to push a fix.

    1 Reply Last reply
    0
  • girishG Do not disturb
    girishG Do not disturb
    girish Staff
    replied to BrutalBirdie on last edited by
    #11

    @brutalbirdie I have enabled it in package v1.4.1 . Can you please try?

    BrutalBirdieB 1 Reply Last reply
    1
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to girish on last edited by BrutalBirdie
    #12

    @girish On it.


    Neat! This fixed it. Big thanks for the uddate.

    Like my work? Consider donating a drink drink. Cheers!

    1 Reply Last reply
    1

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.