fix(api-gateway): update Nginx reverse proxy headers for Grafana 10+ compatibility

- Change Host header from $host to $http_host for correct host forwarding - Add X-Forwarded-Host and X-Forwarded-Port headers - Add Origin header ($scheme://$host) critical for Grafana 10+ CORS validation - Disable proxy buffering for better real-time updates - Update README with manual Nginx configuration update instructions for existing installations Resolves 'origin not allowed' error when accessing Grafana through Nginx reverse proxy with SSL.
2025-12-04 22:31:59 -08:00 · 2025-12-04 22:31:59 -08:00 · a72b5f00d2
parent 746cd8e35e
commit a72b5f00d2
2 changed files with 39 additions and 1 deletions
--- a/backend/api-gateway/README.md
+++ b/backend/api-gateway/README.md
@ -337,6 +337,32 @@ openssl rand -base64 24
 - 如果看到 "origin not allowed" 错误，说明 `GRAFANA_ROOT_URL` 与实际访问地址不匹配
 - 修改 `.env` 后必须重启容器才能生效

+**如果之前已安装 Nginx，需要更新配置**：
+
+如果你之前运行过 `install-monitor.sh`，需要手动更新 Nginx 配置文件以支持 Grafana 10+：
+
+```bash
+# 1. 编辑 Nginx 配置文件
+sudo nano /etc/nginx/sites-available/monitor.szaiai.com.conf
+
+# 2. 在 Grafana location / 块中添加以下 headers:
+#    proxy_set_header Host $http_host;
+#    proxy_set_header X-Forwarded-Host $host;
+#    proxy_set_header X-Forwarded-Port $server_port;
+#    proxy_set_header Origin $scheme://$host;
+#    proxy_buffering off;
+
+# 3. 测试并重载 Nginx
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+或者重新运行安装脚本（会使用更新后的配置）：
+```bash
+cd ~/rwadurian/backend/api-gateway
+sudo ./scripts/install-monitor.sh monitor.szaiai.com
+```
+
 ## 生产环境部署

 ### 部署前检查清单
--- a/backend/api-gateway/scripts/install-monitor.sh
+++ b/backend/api-gateway/scripts/install-monitor.sh
@ -169,14 +169,26 @@ server {
    location / {
        proxy_pass http://127.0.0.1:$GRAFANA_PORT;
        proxy_http_version 1.1;
+
+        # WebSocket support
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
+
+        # Standard proxy headers
+        proxy_set_header Host \$http_host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Host \$host;
+        proxy_set_header X-Forwarded-Port \$server_port;
+
+        # Grafana 10+ 反向代理支持
+        proxy_set_header Origin \$scheme://\$host;
+
+        # 缓存和超时
        proxy_cache_bypass \$http_upgrade;
        proxy_read_timeout 86400;
+        proxy_buffering off;
    }

    # Prometheus (仅内网)