From 7745bf16f3fdfa65e08a691f708463b4b8bedaa3 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Thu, 10 Mar 2022 09:39:58 +1100
Subject: [PATCH] grafana: proxy websockets

If you watch the web console of your browser in a grafana page, it
constantly tries to hit /api/live/ws which is currently giving an
error.

Following some combination of [1], [2], [3] and some trial-and-error,
this appears to let apache proxy through the requests.

[1] https://github.com/grafana/grafana/issues/36929
[2] https://github.com/grafana/grafana/issues/34537
[3] https://grafana.com/tutorials/run-grafana-behind-a-proxy/

Change-Id: I6c5ba71a1c0feab36b4df56f80271fa52f6354de
---
 playbooks/roles/grafana/templates/docker-compose.yaml.j2 | 1 +
 playbooks/roles/grafana/templates/grafana.vhost.j2       | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/playbooks/roles/grafana/templates/docker-compose.yaml.j2 b/playbooks/roles/grafana/templates/docker-compose.yaml.j2
index d02f564756..e9b7405f60 100644
--- a/playbooks/roles/grafana/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/grafana/templates/docker-compose.yaml.j2
@@ -8,6 +8,7 @@ services:
     image: docker.io/grafana/grafana-oss:latest
     network_mode: host
     environment:
+      GF_SERVER_DOMAIN: 'grafana.opendev.org'
       GF_SECURITY_ADMIN_PASSWORD__FILE: '/etc/grafana/secrets/admin_password'
       GF_SECURITY_ADMIN_USER__FILE: '/etc/grafana/secrets/admin_user'
       GF_SECURITY_SECRET_KEY__FILE: '/etc/grafana/secrets/secret_key'
diff --git a/playbooks/roles/grafana/templates/grafana.vhost.j2 b/playbooks/roles/grafana/templates/grafana.vhost.j2
index 07a5caf3ce..c20ee11249 100644
--- a/playbooks/roles/grafana/templates/grafana.vhost.j2
+++ b/playbooks/roles/grafana/templates/grafana.vhost.j2
@@ -1,5 +1,7 @@
 <VirtualHost *:80>
   ServerName {{ inventory_hostname }}
+  ServerAlias grafana.opendev.org
+
   ServerAdmin webmaster@openstack.org
 
   ErrorLog ${APACHE_LOG_DIR}/grafana-error.log
@@ -14,6 +16,8 @@
 
 <VirtualHost *:443>
   ServerName {{ inventory_hostname }}
+  ServerAlias grafana.opendev.org
+
   ServerAdmin webmaster@openstack.org
 
   AllowEncodedSlashes On
@@ -44,6 +48,11 @@
   RewriteEngine on
   RewriteRule "^/api/snapshots(.*?)$" "-" [F]
 
+  # This is for the websocket endpoint /api/live/ws
+  RewriteCond %{HTTP:Upgrade} websocket [NC]
+  RewriteCond %{HTTP:Connection} upgrade [NC]
+  RewriteRule ^/?(.*) "ws://localhost:3000/$1" [P,L]
+
   ProxyPass  / http://localhost:3000/ retry=0
   ProxyPassReverse / http://localhost:3000/