"401: Unauthorized" iframe CARD of Grafana not working

In my case I have hassio under a Proxmox VM as Docker.
I did the sqlite3 procedure on the VM, not on hassio.

@frenck
Just a quick question.
Do you recognize the issue we describe? Or are we forgetting something obvious?

And just a big thanks to everything you are doing for this amazing project…
regards,

No, you’re not forgetting about anything. It isn’t possible to do at this time. It simply won’t work due to the way Ingress handles authentication.

2 Likes

Ah, ok. Thank you for the reply. :)
I myself didn’t get that clear answer through my skull yet. I was looking/waiting for a fix… ghehe.
Thanks for clarifying.
Cheers

@frenck
I saw on GitHub that the issue is closed, and also a hint that the ingress issue should be fixed now. Am I correct? If so, could you give a hint on how to set it up?

Iframe, influx+grafana should be such that I don’t see the 401 message anymore?

What I tried is this in the grafana addon setup.
"grafana_ingress_user": "admin"
Should it be like this? Anything else?
Kindly tips :)

regards

You can’t include iframes from Grafana from Ingress, this is not an add-on limitation and can therefore not be fixed via an add-on update.

The version re-instates direct access to grafana, which can provide access without ingress.

So to be clear, no chance to resolve it for the hassio users here?

Hi Frenck,
Can it maybe be done if I allow anonymous login? I don’t have any problems with that since Grafana and Home Assistant are only accessible from within my LAN.
If so, how can I change the settings in Grafana? I’ve been trying all day to change the settings (in the grafana.ini), via env variables and stuff, but can’t seem to find a way that works.
Greetings,
Joost

Okay, I’m able to make the iframe work like this. AFAIK, you can’t get ingress to work, so it won’t pass through Nabu Casa when you don’t have direct access. To remedy this, you’d have to punch a hole in your firewall for the port you define and use your external IP and port in the URL. Probably you only need anonymous and embedding, but I just copy-pasted that from elsewhere.

I just showed up to this issue and wanted to chime in. On my internal network, on Mac Safari 14, it sometimes works and other times not; on the iOS HA app it always gives an error: I get 401: Unauthorized on the Grafana iframe card. On Google Chrome, it always works on the Mac but never on the iPhone. Could there be some other way to integrate Grafana into Lovelace besides the iframe card?

1 Like

Yes, just to chime in, this is the 1M$ question… What is the right way of displaying Grafana dashboards in Lovelace? Any support appreciated. And if it is not possible at all, then I don’t really get the point of having a Grafana add-on…

3 Likes

Any solution to this? All charts are now showing 401: Unauthorized

Solved! Got it working by doing mainly two things:

In my settings I changed:
grafana_ingress_user: anonymous

And on the shared link to the plot, I changed the URL port to 3000, like below:

http://192.168.1.6:3000/api/hassio_ingress/whatevertoken/d-solo/7Tl95WoGz/server-stats?orgId=1&refresh=1m&from=now-1h&to=now&panelId=3

Since then, no “Unauthorized access”

3 Likes

Thank you for the solution. What about accessing from another network (actually from anywhere in the world)? Do I have to port forward that port 3000 somehow?

Hi, can you tell me where this setting is please?

Supervisor - grafana - configuration

As I understand, with this config I can’t get access from outside. Any advice to make it work through the original DNS?

Funny part is that I can see the Grafana dashboard on my mobile HA app through Wi-Fi, although the webcard is through DDNS, but on the local instance (with web browser) of HA in Lovelace I see 401: Unauthorized.

Any news on solving this problem?

If you are using Grafana in supervisor:
These settings work for me…


plugins:
  - grafana-worldmap-panel
env_vars:
  - name: GF_INGRESS_USER
    value: anonymous
  - name: GF_DEFAULT_INSTANCE_NAME
    value: Hassio
  - name: GF_AUTH_ANONYMOUS_ENABLED
    value: 'true'
  - name: GF_SECURITY_ALLOW_EMBEDDING
    value: 'true'
  - name: GF_SECURITY_COOKIE_SAMESITE
    value: none
  - name: GF_SECURITY_COOKIE_SECURE
    value: 'true'
  - name: GF_SECURITY_LOGIN_REMEMBER_DAYS
    value: '365'
  - name: GF_AUTH_BASIC_ENABLED
    value: 'true'
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem
log_level: info

I also changed to port 3000:

The webpage panel card link in lovelace frontend: http://192.168.1.4:3000/api/hassio_ingress/blah/blah

2 Likes
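An added example, not part of the post above or of the add-on's code: a small Python check that reads an `env_vars` section like the one posted and reports which settings change who can reach or frame Grafana on the direct port. The sample text is constructed from the posted configuration, the function names and finding labels are hypothetical, and it assumes `ssl: false` means the direct port is served over plain HTTP, as the `http://` URL in the post suggests.

```python
import re

# Constructed sample: a subset of the add-on configuration posted above.
SAMPLE_CONFIG = """\
env_vars:
  - name: GF_AUTH_ANONYMOUS_ENABLED
    value: 'true'
  - name: GF_SECURITY_ALLOW_EMBEDDING
    value: 'true'
  - name: GF_SECURITY_COOKIE_SAMESITE
    value: none
  - name: GF_SECURITY_COOKIE_SECURE
    value: 'true'
ssl: false
"""

def parse_addon_config(text):
    """Minimal parser for this layout only: name/value pairs plus top-level ssl."""
    pairs = re.findall(r"-\s*name:\s*(\S+)\s*\n\s*value:\s*'?([^'\n]*)'?", text)
    env = {name: value.strip().lower() for name, value in pairs}
    match = re.search(r"^ssl:\s*(\S+)", text, re.MULTILINE)
    ssl = bool(match) and match.group(1).lower() == "true"
    return env, ssl

def audit(text):
    """Return (label, detail) findings for exposure and cookie settings."""
    env, ssl = parse_addon_config(text)
    enabled = {key for key, value in env.items() if value == "true"}
    secure = "GF_SECURITY_COOKIE_SECURE" in enabled
    findings = []
    if "GF_AUTH_ANONYMOUS_ENABLED" in enabled:
        findings.append(("anonymous-access",
            "anyone who can reach the Grafana port sees dashboards without logging in"))
    if "GF_SECURITY_ALLOW_EMBEDDING" in enabled:
        findings.append(("embedding-allowed",
            "X-Frame-Options: deny is no longer sent, so any page can frame Grafana"))
    if secure and not ssl:
        findings.append(("secure-cookie-without-tls",
            "browsers only send Secure cookies over HTTPS; logins fail on the HTTP port"))
    if env.get("GF_SECURITY_COOKIE_SAMESITE") == "none" and not secure:
        findings.append(("samesite-none-without-secure",
            "browsers enforcing SameSite rules reject SameSite=None cookies without Secure"))
    return findings

if __name__ == "__main__":
    for label, detail in audit(SAMPLE_CONFIG):
        print(f"{label}: {detail}")
```

With anonymous access and embedding both enabled, the only remaining control on the direct port is network reachability, which is why forwarding port 3000 to the internet exposes the dashboards to everyone.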

Does it also work externally then? Via nabu casa? They do not forward port 3000 do they?