apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Datasources: Add documentation around secure socks proxy (#66609)

Browse Source 
---------

Co-authored-by: Mitch Seaman <mjseaman@users.noreply.github.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
pull/67314/head
Stephanie Hingtgen 2 years ago committed by GitHub
parent c308118fc0
commit d7bd06a87e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 44 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 44
      docs/sources/setup-grafana/configure-grafana/proxy/index.md

44
docs/sources/setup-grafana/configure-grafana/proxy/index.md
Unescape View File

@ -0,0 +1,44 @@
---
description: Learn about proxy datasource connections through a secure socks proxy.
keywords:
- proxy
- guide
- Grafana
title: Configure a data source connection proxy
menuTitle: Configure data source proxy
weight: 1110
---
# Configure a data source connection proxy
Grafana provides support for proxying data source connections through a Secure Socks5 Tunnel. This enables you to securely connect to data sources hosted in a different network than Grafana.
To make use of this functionality, you need to deploy a socks5 proxy server that supports TLS on a machine exposed to the public internet within the same network as your data source. From there, Grafana establishes a mutually trusted connection from Grafana to the Proxy. Then the Proxy can proxy the Grafana connection to your private server without exposing your data sources to the public internet.
## Known limitations
- You can configure only one socks5 proxy per Grafana instance
- All built-in core data sources are compatible, but not all external data sources are. For a list of supported data sources, refer to [private data source connect]({{< ref "/docs/grafana-cloud/data-configuration/configure-private-datasource-connect/#known-limitations" >}}).
## Before you begin
To complete this task, you must first deploy a socks proxy server that supports TLS, is publicly accessible, and is hosted within the same network as the data source.
## Steps
1. For Grafana to send data source connections to the socks5 server, use the following table to configure the `secure_socks_datasource_proxy` section of the `config.ini`:
| Key | Description | Example |
| --------------- | ------------------------------------------ | ------------------------------- |
| `enabled` | Enable this feature in Grafana | true |
| `root_ca_cert` | The file path of the root ca cert | /etc/ca.crt |
| `client_key` | The file path of the client private key | /etc/client.key |
| `client_cert` | The file path of the client public key | /etc/client.crt |
| `server_name` | The domain name of the proxy, used for SNI | proxy.grafana.svc.cluster.local |
| `proxy_address` | the address of the proxy | localhost:9090 |
1. Set up a data source and configure it to send data source connections through the proxy.
To configure your data sources to send connections through the proxy, `enableSecureSocksProxy=true` must be specified in the data source json. You can do this in the [API]({{< relref "../../../developers/http_api/data_source" >}}) or use [file based provisioning]({{< relref "../../../administration/provisioning/#data-sources" >}}).
Additionally, you can set the socks5 username and password by adding `secureSocksProxyUsername` in the data source json and `secureSocksProxyPassword` in the secure data source json.
Write Preview
Loading…
Cancel
Save