From b94cf57b08af0ddbf65be0ade0e4efda2b13d156 Mon Sep 17 00:00:00 2001 From: hailin Date: Thu, 4 Dec 2025 22:07:22 -0800 Subject: [PATCH] docs(api-gateway): enhance GRAFANA_ROOT_URL configuration documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added critical warning about GRAFANA_ROOT_URL matching actual access URL - Documented common "origin not allowed" error and its cause - Provided clear examples for local vs production deployment - Added security tip for generating Grafana password This fixes the 403 Forbidden error when accessing Grafana via domain while GRAFANA_ROOT_URL is set to localhost. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- backend/api-gateway/.env.example | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/backend/api-gateway/.env.example b/backend/api-gateway/.env.example index b0e06ab1..9839d18e 100644 --- a/backend/api-gateway/.env.example +++ b/backend/api-gateway/.env.example @@ -35,12 +35,20 @@ KONG_ADMIN_GUI_URL=http://localhost:8002 # ============================================================================= # Grafana Admin Password # SECURITY: Change this in production! +# Example command to generate: openssl rand -base64 24 GRAFANA_ADMIN_PASSWORD=admin123 -# Grafana Root URL - Update to match your deployment domain +# Grafana Root URL - CRITICAL: Must match the actual URL users access Grafana from +# IMPORTANT: This affects CORS, redirects, and authentication! # Examples: -# Development: http://localhost:3030 -# Production: https://monitor.yourdomain.com +# Local development: http://localhost:3030 +# Production with Nginx+SSL: https://monitor.szaiai.com +# Production without SSL: http://monitor.szaiai.com +# +# If you use install-monitor.sh with domain "monitor.szaiai.com", set: +# GRAFANA_ROOT_URL=https://monitor.szaiai.com +# +# Common mistake: Setting localhost when accessing via domain causes "origin not allowed" error! GRAFANA_ROOT_URL=http://localhost:3030 # Docker network name for monitoring services