Thank you for solution. What about accessing from another network (actually from world wide)? Do i have to port forward somehow that port 3000 ?
Hi, can you tell me where this setting is please?
Supervisor - grafana - configuration
As i understand, with this config i cant get assess from outside. Any advice to make it work thrue original dns?
Funny part is that i can see on my mobile HA app the grafana dashboard through wi-fi, although webcard is through ddns, but on local instance (with web browser) of HA in lovelace i see 401:unauthorised
Any news for solve this problem??
If you are using Grafana in supervisor:
These settings work for me…
plugins:
- grafana-worldmap-panel
env_vars:
- name: GF_INGRESS_USER
value: anonymous
- name: GF_DEFAULT_INSTANCE_NAME
value: Hassio
- name: GF_AUTH_ANONYMOUS_ENABLED
value: 'true'
- name: GF_SECURITY_ALLOW_EMBEDDING
value: 'true'
- name: GF_SECURITY_COOKIE_SAMESITE
value: none
- name: GF_SECURITY_COOKIE_SECURE
value: 'true'
- name: GF_SECURITY_LOGIN_REMEMBER_DAYS
value: '365'
- name: GF_AUTH_BASIC_ENABLED
value: 'true'
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem
log_level: info
I also changed to port 3000:
The webpage panel card link in lovelace frontend: http://192.168.1.4:3000/api/hassio_ingress/blah/blah…
2 Likes
Does it also work externally then? Via nabu casa? They do not forward port 3000 do they?
Canne help with Nabu Casa as I don’t use it. Sorry.
But it does work “externally” via VPN which is in essence “local”.
(I don’t use https and don’t expose HA direct to web)
Its pretty quick to just pop on an OPENVPN connection on a mobile or laptop to check into HA when out and about.
It’s also good to pop the VPN on when on an unknown WIFI (Instead of NORD or something similar you pay for) so your web browsing goes via the home internet.
Telegram messenger is also integrated into HA with a chat bot (RedBot Nodes) to send commands to HA and to report stuff back to users in a chat without putting VPN on.
Someone else may be able to test the Nabu Casa element for you…
Hm… obviously adding a separate port to the container and enabling anonymous access solve the issue… but this mean indeed that internally it is solved (which includes vpn acces to your internal).
And also pinning a hole in the firewall to that port enables “local”/“direct” access to the container.
But al these options are not really “handy” to do and ton maintain. The best would be to access the container internally which makes it work locally and remote (via 8123 and nabucasa)…
having the same problem myself. I’ve tried exposing the container port and enabling anonymous and of course that works. However I don’t want to expose grafana port to the world and having anybody able to connect to it. Is there any way we can make it working on hassio standard port?
I’d be fine having to generate a token once every year that’s why I tried with a config like this
plugins: []
env_vars:
- name: GF_SECURITY_ALLOW_EMBEDDING
value: 'true'
- name: GF_AUTH_ANONYMOUS_ENABLED
value: 'false'
- name: GF_AUTH_TOKEN_ROTATION_INTERVAL_MINUTES
value: '525600'
- name: GF_AUTH_LOGIN_MAXIMUM_INACTIVE_LIFETIME_DAYS
value: '365'
- name: GF_AUTH_LOGIN_MAXIMUM_LIFETIME_DAYS
value: '365'
ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
but unfortunately it doesn’t do the job 
Yeah exposing anon login for grafana to the world isn’t something I’d do on my firewall.
Hence using VPN for remote access.
Sorry it wasn’t of any use pal. But someone else may find it of use.
I’m sure someone will fix the :8123 port issue in time 
simple workaround:
- set grafana graphics from dashboards with external url ;
- at first instance when u try to view grafana, steb in grafana add-on sidebar for this to authenticate ;
- after grafana loads there u can go your whole session in that webpage or companion and graphics will be there
Try to add additional parameters here, near of "GF_AUTH_ANONYMOUS_ENABLED" in Grafana configuration:
- name: GF_AUTH_ANONYMOUS_ENABLED
value: 'true'
- name: GF_AUTH_ANONYMOUS_ORG_NAME
value: canBeAnyNameHere
Now it’s working better in my Hassio, but only if connecting to it from same host
I had the same Issue (401 unauthorized) in the iFrame in a dashboard. Activating Grafana from the toolbar on the left and switching back to the dashboard helps for the second. On a mobile device on same network I always got 401 error.
The solution was to change the port in the embed addresse from default 8123 to the one you define in Grafanas settings (3000 on my setup). Credits to @joaofl
3 Likes
please can you post a screenshot where I can find in my setup yours 3000 address?
Thanks
mine is like this… I don’t know why… grafana is working… is there a way to fix this?
I guess there is a way 
simply type “3000” (or whaterever 4digit number you like) instead “disabled” like I did
this will probably work. Now I suppose to add my credentials (username + password) and I don’t remember them
Cheers. Do you embed internal address or external one with https?