docs(api-gateway): enhance GRAFANA_ROOT_URL configuration documentation

- Added critical warning about GRAFANA_ROOT_URL matching actual access URL - Documented common "origin not allowed" error and its cause - Provided clear examples for local vs production deployment - Added security tip for generating Grafana password This fixes the 403 Forbidden error when accessing Grafana via domain while GRAFANA_ROOT_URL is set to localhost. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 22:07:22 -08:00 · 2025-12-04 22:07:22 -08:00 · b94cf57b08
parent a748cf07f0
commit b94cf57b08
1 changed files with 11 additions and 3 deletions
--- a/backend/api-gateway/.env.example
+++ b/backend/api-gateway/.env.example
@ -35,12 +35,20 @@ KONG_ADMIN_GUI_URL=http://localhost:8002
 # =============================================================================
 # Grafana Admin Password
 # SECURITY: Change this in production!
+# Example command to generate: openssl rand -base64 24
 GRAFANA_ADMIN_PASSWORD=admin123

-# Grafana Root URL - Update to match your deployment domain
+# Grafana Root URL - CRITICAL: Must match the actual URL users access Grafana from
+# IMPORTANT: This affects CORS, redirects, and authentication!
 # Examples:
-#   Development: http://localhost:3030
-#   Production:  https://monitor.yourdomain.com
+#   Local development:           http://localhost:3030
+#   Production with Nginx+SSL:   https://monitor.szaiai.com
+#   Production without SSL:      http://monitor.szaiai.com
+#
+# If you use install-monitor.sh with domain "monitor.szaiai.com", set:
+#   GRAFANA_ROOT_URL=https://monitor.szaiai.com
+#
+# Common mistake: Setting localhost when accessing via domain causes "origin not allowed" error!
 GRAFANA_ROOT_URL=http://localhost:3030

 # Docker network name for monitoring services