login credentials for desktop interface #280
Comments
I've put mine behind an nginx reverse proxy using vouch-proxy for authentication. Others may have a better setup. |
I tried to use a reverse proxy with Apache2:
You need to point grafana.yourdomain.com and teslamate.yourdomain.com to your host and you need to create a .htpasswd with htpasswd. Works fine for Grafana, hangs with Teslamate after loading the text, before loading the map. Any idea? Access to ports 3000 and 4000 could then be restricted with ufw or through another firewall, e.g. in the router. |
You may get some tips here as well: |
Sure, but you cannot get away with port 80, because letsencrypt needs it. When you got Apache running on port 80, you cannot use that. |
For Grafana is there any reason why its built-in security isn't being used: https://grafana.com/docs/auth/overview/ I know it might not be enough for some but could be very useful to most. |
The focus is on getting new users up and running as quickly as possible :-) Grafana comes with the following env variables / settings by default:
You can customize them as you like. |
Aah, that looks like what I need :) I found some info on Grafana built-in security settings, but haven't tried it yet. Can these variables be adjusted afterwards, and run the docker-compose up again? |
Ok, the issue with the Apache reverse proxy is resolved. It was an issue with websockets:
Both teslamate.yourdomain.com and grafana.yourdomain.com must point to the server. Works like a charm. To restrict ports 3000 and 4000 to localhost on the server, do the following (if ufw is enabled):
|
Just to add my experience. I opened my existing docker-compose.yml and added the following lines under grafana environment:
and ran docker-compose up again. Even though I had some warning messages, and in docker (which I run on a Synology NAS) I had to restart the services again. Everything seemed to work as I wanted. When opening the my.ip:3000 page I have a login screen. Now I only wanted to hide the main teslamate page (port 4000). So in the Synology NAS firewall rules I added a rule to traffic to port 4000. Now nobody can see my current location at least. Not sure this is the right way of doing it but seems to work so far. Thanks! |
@adriankumpf Wouldn't it be possible to protect teslamate by perhaps the Tesla credentials? |
The Advanced Docker setup guide https://github.com/adriankumpf/teslamate/blob/master/docs/installation/docker_advanced.md uses |
Please find attached a configuration for Apache to run teslamate and grafana in parallel to Apache. It uses https and assumes that you have a certificate, here from Let's Encrypt, and a .htpasswd set up. Please fill in your domain name in the file. You still need to restrict access to ports 3000 and 4000. |
Restricting access to 3000 and 4000 on the host does not work. Probably it needs to be done via docker-compose.yml. Question: How would I restrict the access to 3000 resp. 4000 to only the server docker is running on? |
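
Added example, not part of the thread and not TeslaMate's own code: Docker publishes ports through its own iptables rules, so a mapping without a host IP stays reachable from other hosts; prefixing it with `127.0.0.1:` limits it to the Docker host. This Python check flags such mappings, assuming a two-space-indented compose file that uses the short `ports:` syntax; the sample file and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the thread): teslamate is published on all
# interfaces, grafana only on the loopback address of the Docker host.
SAMPLE_COMPOSE = """\
services:
  teslamate:
    ports:
      - "4000:4000"
  grafana:
    ports:
      - "127.0.0.1:3000:3000"
"""

def host_ip(mapping):
    """Host address of a short-syntax mapping [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    spec = mapping.split("/")[0]                     # drop /tcp or /udp
    m = re.match(r"^\[([0-9a-fA-F:.]+)\]:", spec)    # bracketed IPv6 host address
    if m:
        return m.group(1)
    parts = spec.split(":")
    # Without an explicit host IP, Docker binds the port on all interfaces.
    return parts[0] if len(parts) == 3 else "0.0.0.0"

def exposed_ports(compose_text):
    """Return [(service, mapping)] for ports reachable from hosts other than localhost."""
    findings, service, in_ports = [], None, False
    for line in compose_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 2 and stripped.endswith(":"):   # assumed: service names at indent 2
            service, in_ports = stripped[:-1], False
        elif stripped == "ports:":
            in_ports = True
        elif in_ports and stripped.startswith("- "):
            mapping = stripped[2:].strip().strip("\"'")
            if not ipaddress.ip_address(host_ip(mapping)).is_loopback:
                findings.append((service, mapping))
        else:
            in_ports = False
    return findings

if __name__ == "__main__":
    for svc, mapping in exposed_ports(SAMPLE_COMPOSE):
        print(f"{svc}: '{mapping}' is published on all interfaces")
```
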
I don't want to open a new ticket for this since it's prob an issue on my side... my teslamate has issues loading the main page because it can't seem to load the grafana things on the main page, but the dashboard links work fine... This seems mostly relevant discussion so I'm tagging onto this. These are my settings... grafana has anonymous access allowed... |
Maybe I'm overlooking something, tried to look it up on the forum and manual. But is there a way to secure the dashboard with login/password credentials? I host teslamate on docker on a network that other users also have access to. Rather not have other people look at my whereabouts :)