wss error after applying a private HTTPS certificate to Grafana

 

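@Problem

  • After enabling HTTPS, the in-house page that embeds a Grafana dashboard renders normally when opened, but
  • in F12 debug mode the error shown below appears
  • When a graph is edited on the server, the change is not reflected in real time on the in-house page.
@Solution
  1. Grafana itself runs a messaging engine that pushes changes made on the server to clients in real time, and it communicates with the front end over WebSocket.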

Grafana Live overview

Grafana Live is a real-time messaging engine introduced in Grafana v8.0.
With Grafana Live, you can push event data to a frontend as soon as an event occurs.
This could be notifications about dashboard changes, new frames for rendered data, and so on. Live features can help eliminate a page reload or polling in many places, it can stream Internet of things (IOT) sensors or any other real-time data to panels.
Note: By real-time, we indicate a soft real-time. Due to network latencies, garbage collection cycles, and so on, the delay of a delivered message can be up to several hundred milliseconds or higher.

Concepts

Grafana Live sends data to clients over persistent WebSocket connection. Grafana frontend subscribes on channels to receive data which was published into that channel – in other words PUB/SUB mechanics is used. All subscriptions on a page multiplexed inside a single WebSocket connection. There are some rules regarding Live channel names – see Live channel.
Handling persistent connections like WebSocket in scale may require operating system and infrastructure tuning. That’s why by default Grafana Live supports 100 simultaneous connections max. For more details on how to tune this limit, refer to Live configuration section.

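2. Among the Grafana Live configuration options, one describes checking and restricting the Origin value of the request header to prevent WebSocket connection hijacking -> this appears to be what causes the wss connection error.

Grafana Live configuration options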

Configure Grafana Live


Grafana Live is enabled by default. In Grafana v8.0, it has a strict default for a maximum number of connections per Grafana server instance.

Max number of connections

Grafana Live uses persistent connections (WebSocket at the moment) to deliver real-time updates to clients.
WebSocket is a persistent connection that starts with an HTTP Upgrade request (using the same HTTP port as the rest of Grafana) and then switches to a TCP mode where WebSocket frames can travel in both directions between a client and a server. Each logged-in user opens a WebSocket connection – one per browser tab.
The number of maximum WebSocket connections users can establish with Grafana is limited to 100 by default. See max_connections option.
In case you want to increase this limit, ensure that your server and infrastructure allow handling more connections. The following sections discuss several common problems which could happen when managing persistent connections, in particular WebSocket connections.

Request origin check

To avoid hijacking of WebSocket connection Grafana Live checks the Origin request header sent by a client in an HTTP Upgrade request. Requests without Origin header pass through without any origin check.

By default, Live accepts connections with Origin header that matches configured root_url (which is a public Grafana URL).

It is possible to provide a list of additional origin patterns to allow WebSocket connections from. This can be achieved using the allowed_origins option of Grafana Live configuration.

Referring to the settings below, add the Grafana service URL to the "allowed_origins" option (in the [live] section) of /etc/grafana/grafana.ini as follows:
# allowed_origins is a comma-separated list of origins that can establish connection with Grafana Live.
# If not set then origin will be matched over root_url. Supports wildcard symbol "*".
allowed_origins = "https://file.rozetatech.com:3000"
-> After adding the setting above, the wss connection error was resolved.
See the reference below.

allowed_origins

Note: Available in Grafana v8.0.4 and later versions.
The allowed_origins option is a comma-separated list of additional origins (Origin header of HTTP Upgrade request during WebSocket connection establishment) that will be accepted by Grafana Live.
If not set (default), then the origin is matched over root_url which should be sufficient for most scenarios.
Origin patterns support wildcard symbol "*".
For example:
[live]
allowed_origins = "https://*.example.com"
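
The origin check quoted above, modelled as an added example (not Grafana's code and not part of the original post): it reads root_url and [live] allowed_origins from grafana.ini text and reports whether a given Origin header would be accepted. The root_url in the sample is a constructed value, and the matching rule ("*" matches any run of characters, comparison is case-insensitive) is an assumption based on the documentation text.

```python
import configparser
from re import escape, fullmatch
from urllib.parse import urlsplit

# Constructed sample: root_url is an assumed leftover default,
# allowed_origins is the value the post adds.
SAMPLE_INI = """
[server]
root_url = http://localhost:3000/

[live]
allowed_origins = "https://file.rozetatech.com:3000"
"""

def load_origin_rules(ini_text):
    """Return (root_origin, [patterns]) from grafana.ini text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    root = urlsplit(cp.get("server", "root_url", fallback="").strip().strip('"'))
    root_origin = f"{root.scheme}://{root.netloc}".lower() if root.netloc else ""
    raw = cp.get("live", "allowed_origins", fallback="").strip().strip('"')
    patterns = [p.strip().lower() for p in raw.split(",") if p.strip()]
    return root_origin, patterns

def _glob_match(pattern, origin):
    # Assumption: "*" matches any run of characters; everything else is literal.
    regex = ".*".join(escape(part) for part in pattern.split("*"))
    return fullmatch(regex, origin) is not None

def origin_allowed(origin, root_origin, patterns):
    """Model of the documented check for one WebSocket Upgrade request."""
    if origin is None:           # no Origin header: passes without any check
        return True
    origin = origin.lower()
    if origin == root_origin:    # default rule: Origin matches root_url
        return True
    return any(_glob_match(p, origin) for p in patterns)

def overly_broad(patterns):
    """Flag patterns whose host is a bare wildcard: they admit pages from any site."""
    return [p for p in patterns if p.split("://")[-1].split(":")[0] == "*"]

if __name__ == "__main__":
    root, pats = load_origin_rules(SAMPLE_INI)
    for o in ("https://file.rozetatech.com:3000", "https://other.example.test", None):
        print(o, "->", "accepted" if origin_allowed(o, root, pats) else "rejected")
    print("overly broad patterns:", overly_broad(pats))
```

Because the wildcard can also match dots, prefer listing exact origins as the post does, and treat a bare "*" host as removing the hijacking protection altogether.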
