Dear community,
I’m currently struggling with a problem with Grafana via Ingress. The topic is a bit more extensive, but since I don’t know exactly what’s involved, I’ll have to go into a bit more detail.
I recently decided to make my Homeassistant remotely accessible using a reverse proxy (NGINX). As additional security, I’ve installed verification using MTLS client authentication (but that doesn’t make any difference to my problem - tested without). Now I have a website-card on my dashboard that should display a Grafana dashboard. After only forwarding port 8123 using NGINX and not Grafana, I integrated the Grafana dashboard using the Homeassistant ingress address (http://192.x.x.x:8123/api/hassio_ingress/vp-Abr41nMjSfXaE9zI…). Because of there is no http content allowed when accessing remotely using the public https domain, I looked for a solution and ChatGPT gave me the crucial clue: only specify the URL of the dashboard relatively without the domain (/api/home assistant OS_ingress/vp-Abr41nMjSfXaE9zI…). This works as it should.
I also selected “user” as the Ingress default user (see grafana-addon-config), who only has the “viewer” role, because the “annotations” in the diagrams annoyed me and I also wanted the diagrams in the HA website map to be read-only. The local alternative would be to activate anonymous access, but this doesn’t work publicly because otherwise I would have to forward the Grafana port as well (with Ingress, some user is always logged in by default).
So I have 3 types of access to Grafana: via local ingress (http://x.x.x.x:8123/api…) user:“user”, direct call to the Grafana port (http://x.x.x.x:3000/api…) user:“Admin” to edit the diagrams, and via remote access/ingress (https://xyz.dyndns.com/api…) user:“user”
Basically everything works fine, but now to the problem: when I open the HA app and am first in the local network, the error “403 origin not allowed” appears in the Grafana dashboard. The Grafana page itself loads without any problems. If I now switch off the WIFI connection and the app accesses via the public address, everything works perfectly. If I then switch back to the WIFI, it works too.
I have the same problem when I log into Grafana (http://x.x.x.x:3000) on my PC and then try to open the Grafana dashboard via Ingress in HA either via the direct link or via the add-on user interface. If I clear the website cache in the browser, it works again via Ingress.
Is there any workaround or other suggestion for my use case?
Grafana Addon Config:
plugins: [ ]
custom_plugins: [ ]
env_vars: [ ]
ssl: false
certfile: fullchain.pem
keyfile: privkey.pem
grafana_ingress_user: user
