How to block access by IP for grafana?

H

hrvasiliy2017-04-26 00:38:07

Nginx

hrvasiliy, 2017-04-26 00:38:07

By default, after installing grafana, you can get to the web interface http://$serverip:3000. I figured out how to set up access to the web interface through my domain (I used proxying), but at the same time, access via http://$serverip:3000 also remained working - which is not very safe if some important statistics are displayed there.
Is it possible to somehow disable access to the direct IP of the server at the grafana level? Or should I use iptables to block from outside, but to open from localhost?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

K

krosh, 2017-04-26
@hrvasiliy

iptables -A INPUT -m tcp -p tcp --dport 3000 -j DROP iptables -A INPUT -m state
--state
ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP

P

planc, 2017-04-26
@planc

you should hang it on localhost and portforward via ssh
ssh -L 3000:localhost:3000 serverip

S

SlavikF, 2017-04-26
@SlavikF

That is, you think that access via http://$serverip:3000 is not secure. Will it be secure through a domain name? What is the difference? Or is $serverip behind NAT?