Grafana 보안 및 인증

1[security]2# 기본 관리자 계정 설정3admin_user = admin4admin_password = strong-password5 6# 익명 접근 비활성화7[auth.anonymous]8enabled = false9 10# 사용자 셀프 가입 비활성화11[users]12allow_sign_up = false13allow_org_create = false

1[server]2protocol = https3cert_file = /etc/grafana/certs/grafana.crt4cert_key = /etc/grafana/certs/grafana.key

1server {2    listen 443 ssl;3    server_name grafana.example.com;4 5    ssl_certificate /etc/ssl/certs/grafana.crt;6    ssl_certificate_key /etc/ssl/private/grafana.key;7 8    location / {9        proxy_pass http://localhost:3000;10        proxy_set_header Host $host;11        proxy_set_header X-Real-IP $remote_addr;12        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;13        proxy_set_header X-Forwarded-Proto $scheme;14    }15}

1[auth.github]2enabled = true3client_id = your-client-id4client_secret = your-client-secret5scopes = user:email,read:org6allowed_organizations = your-org7allow_sign_up = true

1[auth.google]2enabled = true3client_id = your-client-id4client_secret = your-client-secret5scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email6allowed_domains = example.com7allow_sign_up = true

1[auth.ldap]2enabled = true3config_file = /etc/grafana/ldap.toml4allow_sign_up = true

1[[servers]]2host = "ldap.example.com"3port = 3894use_ssl = false5bind_dn = "cn=admin,dc=example,dc=com"6bind_password = "password"7search_filter = "(uid=%s)"8search_base_dns = ["dc=example,dc=com"]9 10[servers.attributes]11name = "givenName"12email = "mail"13 14[[servers.group_mappings]]15group_dn = "cn=grafana-admin,ou=groups,dc=example,dc=com"16org_role = "Admin"17 18[[servers.group_mappings]]19group_dn = "*"20org_role = "Viewer"