From d19fae8d564721b952926e6fb5fc89f7bea7fe16 Mon Sep 17 00:00:00 2001
From: Quang Khai Nguyen
Date: Thu, 16 Apr 2026 21:41:53 +0200
Subject: [PATCH 1/4] back up config.monitoring (worked)

---
 prometheus/grafana/config.monitoring | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 prometheus/grafana/config.monitoring

diff --git a/prometheus/grafana/config.monitoring b/prometheus/grafana/config.monitoring
new file mode 100644
index 0000000..7dc9aea
--- /dev/null
+++ b/prometheus/grafana/config.monitoring
@@ -0,0 +1,8 @@
+GF_SECURITY_ADMIN_PASSWORD=foobar
+GF_USERS_ALLOW_SIGN_UP=false
+LETSENCRYPT_HOST=grafana.quangkhai.ch
+LETSENCRYPT_EMAIL=quangkhai@grafana.quangkhai.ch
+VIRTUAL_HOST=grafana.quangkhai.ch
+VIRTUAL_PORT=3000
+GF_SERVER_DOMAIN=grafana.quangkhai.ch
+GF_SERVER_ROOT_URL=https://grafana.quangkhai.ch
From edd9368fea50caec72dc56a14ff3f2210b3859bc Mon Sep 17 00:00:00 2001
From: Quang Khai Nguyen
Date: Thu, 16 Apr 2026 21:47:12 +0200
Subject: [PATCH 2/4] OpenID for Grafana

---
 authelia/config/configuration.yml | 12 ++++++++++++
 prometheus/grafana/config.monitoring | 23 ++++++++++++++++-------
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml
index 7f4fbc9..4c382fd 100644
--- a/authelia/config/configuration.yml
+++ b/authelia/config/configuration.yml
@@ -117,3 +117,15 @@ identity_providers:
 - email
 - groups
 userinfo_signed_response_alg: 'none'
+ - id: grafana
+ description: Grafana via Authelia
+ secret: '$argon2id$v=19$m=65536,t=3,p=4$IoJjIPmtn81rI0te8lV5Yw$tptaXFfI1NOsPctEzyAYiRblzFNsWgbS9Gh160OkoqQ'
+ public: false
+ authorization_policy: one_factor
+ redirect_uris:
+ - https://grafana.quangkhai.ch/login/generic_oauth
+ scopes:
+ - openid
+ - profile
+ - email
+ userinfo_signed_response_alg: 'none'
diff --git a/prometheus/grafana/config.monitoring b/prometheus/grafana/config.monitoring
index 7dc9aea..cc86ec6 100644
--- a/prometheus/grafana/config.monitoring
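Review bot: `GF_SECURITY_ADMIN_PASSWORD=foobar` in the new `prometheus/grafana/config.monitoring` (PATCH 1/4) commits the Grafana admin password in clear text, and it stays in the repository history after PATCH 2/4 deletes the line. PATCH 4/4 repeats the pattern with the value on its `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` line. Both values should be treated as exposed and rotated, and the tracked file should point at a secret instead, e.g. `GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/<admin-password-file>` and `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET__FILE=/run/secrets/<oauth-client-secret-file>` (paths are placeholders).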
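Review bot: `authorization_policy: one_factor` on the `grafana` client added to `authelia/config/configuration.yml` (PATCH 2/4) lets a password alone reach Grafana, and since the same patch disables Grafana's own login form, Authelia becomes the main gate in front of the dashboards and their data sources. Consider `authorization_policy: two_factor` for this client. The `secret` digest is committed with the config; an argon2id digest protects only as well as the plaintext behind it, so the client secret should be a long random string rather than a memorable phrase. The `identity_providers` block and the client list start above the hunk, so the neighbouring clients are not visible here.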
+++ b/prometheus/grafana/config.monitoring
@@ -1,8 +1,17 @@
-GF_SECURITY_ADMIN_PASSWORD=foobar
-GF_USERS_ALLOW_SIGN_UP=false
-LETSENCRYPT_HOST=grafana.quangkhai.ch
-LETSENCRYPT_EMAIL=quangkhai@grafana.quangkhai.ch
-VIRTUAL_HOST=grafana.quangkhai.ch
-VIRTUAL_PORT=3000
-GF_SERVER_DOMAIN=grafana.quangkhai.ch
 GF_SERVER_ROOT_URL=https://grafana.quangkhai.ch
+GF_AUTH_ANONYMOUS_ENABLED=false
+GF_AUTH_DISABLE_LOGIN_FORM=true
+
+GF_AUTH_GENERIC_OAUTH_ENABLED=true
+GF_AUTH_GENERIC_OAUTH_NAME=Authelia
+GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=false
+GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
+GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=
+GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
+
+GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.quangkhai.ch/api/oidc/authorization
+GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.quangkhai.ch/api/oidc/token
+GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.quangkhai.ch/api/oidc/userinfo
+
+GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE=email
+GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE=name
\ No newline at end of file
From 383c88defd5e4c58a4e259350ea2f73aa06d450e Mon Sep 17 00:00:00 2001
From: Quang Khai Nguyen
Date: Thu, 16 Apr 2026 21:54:21 +0200
Subject: [PATCH 3/4] deployment script

---
 deploy.sh | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 deploy.sh

diff --git a/deploy.sh b/deploy.sh
new file mode 100644
index 0000000..9c824c9
--- /dev/null
+++ b/deploy.sh
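Review bot: Dropping `GF_SECURITY_ADMIN_PASSWORD` and setting `GF_AUTH_DISABLE_LOGIN_FORM=true` in `prometheus/grafana/config.monitoring` (PATCH 2/4) hides the local login form but does not retire the built-in admin account: it keeps its previous password (or Grafana's default on a fresh database), and HTTP basic auth against the API stays enabled unless it is switched off. Add `GF_AUTH_BASIC_ENABLED=false`, or keep a strong admin password supplied from a secret file. `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=` is left empty, so the token exchange with the confidential Authelia client presumably fails until a secret is supplied. The hunk also removes `VIRTUAL_HOST`, `VIRTUAL_PORT`, the `LETSENCRYPT_*` entries and `GF_SERVER_DOMAIN`; if a reverse proxy reads them from this file, confirm the removal is intended.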
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Deploy Authelia configuration
+# Copies all files from authelia folder to /home/quangkhai/authelia
+
+set -e
+
+SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/authelia" && pwd)"
+DEST_DIR="/home/quangkhai/authelia"
+
+echo "Starting deployment..."
+echo "Source: $SOURCE_DIR"
+echo "Destination: $DEST_DIR"
+
+# Create destination directory if it doesn't exist
+if [ ! -d "$DEST_DIR" ]; then
+ echo "Creating destination directory: $DEST_DIR"
+ mkdir -p "$DEST_DIR"
+fi
+
+# Copy all files
+echo "Copying files..."
+cp -rv "$SOURCE_DIR"/* "$DEST_DIR/"
+
+echo "✓ Deployment completed successfully!"
+echo "Files copied to: $DEST_DIR"
+
+
From 68e55131b5e02340e577dd88358624f9e9310cfb Mon Sep 17 00:00:00 2001
From: Quang Khai Nguyen
Date: Sat, 18 Apr 2026 21:51:27 +0200
Subject: [PATCH 4/4] FIX SSO Login setting from Grafana

---
 prometheus/grafana/config.monitoring | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/prometheus/grafana/config.monitoring b/prometheus/grafana/config.monitoring
index cc86ec6..a87a6f9 100644
--- a/prometheus/grafana/config.monitoring
+++ b/prometheus/grafana/config.monitoring
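Review bot: `mkdir -p "$DEST_DIR"` and `cp -rv "$SOURCE_DIR"/* "$DEST_DIR/"` in `deploy.sh` create and fill the Authelia configuration directory under the caller's umask, so a config that carries client-secret digests can end up readable by other local users. Set `umask 077` before copying and create the directory with `install -d -m 0700 -- "$DEST_DIR"`. The `/*` glob also skips dotfiles and never removes files deleted from the repository; `cp -rv -- "$SOURCE_DIR"/. "$DEST_DIR"/` covers the former. For a bash script `set -euo pipefail` is the safer preamble than `set -e` alone.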
@@ -4,14 +4,22 @@ GF_AUTH_DISABLE_LOGIN_FORM=true

 GF_AUTH_GENERIC_OAUTH_ENABLED=true
 GF_AUTH_GENERIC_OAUTH_NAME=Authelia
-GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=false
+GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
 GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
-GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=
-GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
+GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=VeNuocNuocVe26!
+GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
+GF_AUTH_GENERIC_OAUTH_USE_ID_TOKEN=true

 GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.quangkhai.ch/api/oidc/authorization
 GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.quangkhai.ch/api/oidc/token
 GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.quangkhai.ch/api/oidc/userinfo

-GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE=email
-GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE=name
\ No newline at end of file
+# 2. Map the ID (used for login)
+# Many OIDC providers use 'preferred_username' or 'sub'
+GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
+
+# 3. Map the Email
+GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
+
+# 4. Map the Name (optional, but good for profile)
+GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
\ No newline at end of file
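Review bot: `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true` (PATCH 4/4) creates a Grafana account for every identity Authelia authenticates for this client, and nothing in the hunk maps roles or restricts groups, so each new user gets the organisation's default role. If only some Authelia users should reach Grafana, restrict it on the Authelia side, or request the `groups` scope on both ends and set `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH` or `GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS`. The quotes in `GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"` may be passed through literally depending on how this file is loaded (assumption: a Docker `env_file`), so check the effective value inside the container. The added comments start at "# 2."; renumbering them or dropping the numbers would avoid the impression that a step is missing.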