LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-24-2021, 03:49 PM   #31
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,815

Rep: Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864

Quote:
Originally Posted by cesarsj View Post
I think we have a breakthrough, finally! The error has changed, it is now recorded in log_log:

Code:
[Wed Feb 24 17:15:04.781782 2021] [ssl:info] [pid 12386:tid 139710336833280] [remote 192.168.6.253:3000] AH01997: SSL handshake failed: sending 502
[Wed Feb 24 17:15:04.781790 2021] [proxy:error] [pid 12386:tid 139710336833280] (20014)Internal error (specific information not available): [client 192.168.13.7:39496] AH01084: pass request body failed to 192.168.6.253:3000 (myu.com)
[Wed Feb 24 17:15:04.781809 2021] [proxy:error] [pid 12386:tid 139710336833280] [client 192.168.13.7:39496] AH00898: Error during SSL Handshake with remote server returned by /grafana

On the page myu.com/grafana appears:

Proxy Error
The proxy server could not handle the request

Reason: Error during SSL Handshake with remote server
Most likely you use http instead of https in grafana config.
Look again at my post 19 with a working config for both apache and grafana and adjust that to your needs.
 
Old 02-24-2021, 05:05 PM   #32
cesarsj
Member
 
Registered: Mar 2019
Location: Patos de Minas, MG, Brazil
Distribution: Slackware
Posts: 140

Original Poster
Rep: Reputation: Disabled
Thumbs up

Quote:
Originally Posted by bathory View Post
Most likely you use http instead of https in grafana config.
Look again at my post 19 with a working config for both apache and grafana and adjust that to your needs.
I left it as below and it seems to have worked:

Code:
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPreserveHost On
ProxyPass "/grafana" "https://127.0.0.1:3000"
ProxyPassReverse "/grafana" "https://127.0.0.1:3000"
However, when I place the LDAP authentication policies below, a json result appears on the page: message "Invalid username or password". I think it only remains to resolve this to be all OK.

Code:
<Location /grafana>
     ProxyPass "http://192.168.6.3:3000/"
     ProxyPassReverse "http://192.168.6.3:3000/"

     SSLRequireSSL
     AuthType basic
     AuthBasicProvider ldap
     AuthName "Restricted access"
     AuthLDAPBindDN cn=apacheldap,ou=DSA,dc=myu,dc=com
     AuthLDAPBindPassword xxxxxxxx
     AuthLDAPURL ldap://ldap2.myu.com:389/ou=people,dc=myu,dc=com?uid?one TLS
     AuthLDAPGroupAttribute memberUid
     AuthLDAPGroupAttributeIsDN off
     Require ldap-group cn=crsintranetrestrita,ou=groups,dc=myu,dc=com
</Location>
 
Old 02-24-2021, 05:40 PM   #33
cesarsj
Member
 
Registered: Mar 2019
Location: Patos de Minas, MG, Brazil
Distribution: Slackware
Posts: 140

Original Poster
Rep: Reputation: Disabled
Question

Quote:
Originally Posted by cesarsj View Post
I left it as below and it seems to have worked:

Code:
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPreserveHost On
ProxyPass "/grafana" "https://127.0.0.1:3000"
ProxyPassReverse "/grafana" "https://127.0.0.1:3000"
However, when I place the LDAP authentication policies below, a json result appears on the page: message "Invalid username or password". I think it only remains to resolve this to be all OK.

Code:
<Location /grafana>
     ProxyPass "http://192.168.6.3:3000/"
     ProxyPassReverse "http://192.168.6.3:3000/"

     SSLRequireSSL
     AuthType basic
     AuthBasicProvider ldap
     AuthName "Restricted access"
     AuthLDAPBindDN cn=apacheldap,ou=DSA,dc=myu,dc=com
     AuthLDAPBindPassword xxxxxxxx
     AuthLDAPURL ldap://ldap2.myu.com:389/ou=people,dc=myu,dc=com?uid?one TLS
     AuthLDAPGroupAttribute memberUid
     AuthLDAPGroupAttributeIsDN off
     Require ldap-group cn=crsintranetrestrita,ou=groups,dc=myu,dc=com
</Location>
I saw that in the log of grafana, grafana.log, it appears:

Code:
t = 2021-02-24T19: 38: 09-0300 lvl = dbug msg = "Failed to authorize the user" logger = context username = cesarsj err = "User not found"
Funny that when the reverse proxy didn't work and I accessed the grafana directly it didn't happen.
 
Old Yesterday, 04:28 AM   #34
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,815

Rep: Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864
Quote:
However, when I place the LDAP authentication policies below, a json result appears on the page: message "Invalid username or password". I think it only remains to resolve this to be all OK.

Code:

<Location /grafana>
ProxyPass "http://192.168.6.3:3000/"
ProxyPassReverse "http://192.168.6.3:3000/"


SSLRequireSSL
AuthType basic
AuthBasicProvider ldap
AuthName "Restricted access"
AuthLDAPBindDN cn=apacheldap,ou=DSA,dc=myu,dc=com
AuthLDAPBindPassword xxxxxxxx
AuthLDAPURL ldap://ldap2.myu.com:389/ou=people,dc=myu,dc=com?uid?one TLS
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=crsintranetrestrita,ou=groups,dc=myu,dc=com
</Location>
First you should remove the trailing slashes from the backend URL, i.e. it should read:
Code:
<Location /grafana>
     ProxyPass "http://192.168.6.3:3000"
     ProxyPassReverse "http://192.168.6.3:3000"
<-snip->
Second putting the ldap authentication stuff there, it's used by apache to allow access to that resource only for users authenticated by your ldap server.
It has nothing to do with the grafana backend.

Quote:
I saw that in the log of grafana, grafana.log, it appears:

t = 2021-02-24T19: 38: 09-0300 lvl = dbug msg = "Failed to authorize the user" logger = context username = cesarsj err = "User not found"

Funny that when the reverse proxy didn't work and I accessed the grafana directly it didn't happen.
As I told you above LDAP AUTH has nothing to do with grafana because stores its users in a different database.
If you want to allow users from your ldap server to access/use grafana, you need to configure grafana accordingly.
Searching for "grafana+ldap" yielded many results like this
Use your favorite search engine to find more, because that's a different issue from your OP and I'm afraid I cannot help you further.

Regards
 
1 members found this post helpful.
Old Yesterday, 08:06 AM   #35
cesarsj
Member
 
Registered: Mar 2019
Location: Patos de Minas, MG, Brazil
Distribution: Slackware
Posts: 140

Original Poster
Rep: Reputation: Disabled
Wink

Quote:
Originally Posted by bathory View Post
First you should remove the trailing slashes from the backend URL, i.e. it should read:
Code:
<Location /grafana>
     ProxyPass "http://192.168.6.3:3000"
     ProxyPassReverse "http://192.168.6.3:3000"
<-snip->
Second putting the ldap authentication stuff there, it's used by apache to allow access to that resource only for users authenticated by your ldap server.
It has nothing to do with the grafana backend.


As I told you above LDAP AUTH has nothing to do with grafana because stores its users in a different database.
If you want to allow users from your ldap server to access/use grafana, you need to configure grafana accordingly.
Searching for "grafana+ldap" yielded many results like this
Use your favorite search engine to find more, because that's a different issue from your OP and I'm afraid I cannot help you further.

Regards
Yes, you are right, the problem in question has been solved. I really appreciate the helpfulness of helping me all this time.
 
  


Reply

Tags
apache, ldap, proxy, slackware 14.2


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nginx Reverse proxy on a internal apache reverse server ITiger Linux - Software 0 04-25-2014 08:44 AM
Apache reverse proxy server, File mod_proxy_html.so doesn't exist Alexrkkl Linux - Server 2 08-31-2011 11:01 AM
Using Apache Server and Pound as a Reverse Proxy swamprat Linux - Software 0 12-17-2008 05:12 PM
LXer: Linux configure pound reverse proxy for Apache http / https web server LXer Syndicated Linux News 0 12-14-2007 08:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration