{%- from "grafana/map.jinja" import server with context %} ##################### Grafana Configuration File ##################### # # Everything has defaults so you only need to uncomment things you want to # change # possible values : production, development ; app_mode = production #################################### Paths #################################### [paths] # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) # data = {{ server.path.data }} # # Directory where grafana can store logs # logs = {{ server.path.logs }} #################################### Server #################################### [server] # Protocol (http or https) protocol = {{ server.protocol }} # The ip address to bind to, empty will bind to all interfaces http_addr = {{ server.bind.address }} # The http port to use http_port = {{ server.bind.port }} # The public facing domain name used to access grafana from a browser domain = {{ server.domain }} # Redirect to correct domain if host header does not match domain # Prevents DNS rebinding attacks ;enforce_domain = false # The full public facing url root_url = {{ server.root_url }} # Log web requests ;router_logging = false # the path relative working path ;static_root_path = public # enable gzip ;enable_gzip = false # https certs & key file ;cert_file = ;cert_key = #################################### Database #################################### [database] # Either "mysql", "postgres" or "sqlite3", it's your choice type = {% if server.database.engine == "postgresql" %}postgres{% else %}{{ server.database.engine }}{% endif %} {%- if server.database.engine in ["postgresql", "mysql"] %} host = {{ server.database.host }}:{{ server.database.port }} name = {{ server.database.name }} user = {{ server.database.user }} password = {{ server.database.password }} {%- endif %} # For "postgres" only, either "disable", "require" or "verify-full" ;ssl_mode = disable # For "sqlite3" only, path relative to data_path setting {%- if server.database.engine in ["sqlite"] %} path = grafana.db {%- endif %} #################################### Session #################################### [session] # Either "memory", "file", "redis", "mysql", "postgres", default is "file" provider = {{ server.session.engine }} # Provider config options # memory: not have any config yet # file: session dir path, is relative to grafana data_path # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` # mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` # postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable {%- if server.session.engine == 'redis' %} provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.session.get('port', 6379) }},db={{ server.session.get('db', 'grafana') }} {%- endif %} # Session cookie name ;cookie_name = grafana_sess # If you use session in https only, default is false ;cookie_secure = false # Session life time, default is 86400 ;session_life_time = 86400 #################################### Analytics #################################### [analytics] # Server reporting, sends usage counters to stats.grafana.org every 24 hours. # No ip addresses are being tracked, only simple counters to track # running instances, dashboard and error counts. It is very helpful to us. # Change this option to false to disable reporting. ;reporting_enabled = true # Google Analytics universal tracking code, only enabled if you specify an id here ;google_analytics_ua_id = #################################### Security #################################### [security] # default admin user, created on startup admin_user = {{ server.admin.user }} # default admin password, can be changed before first start of grafana, or in profile settings admin_password = {{ server.admin.password }} # used for signing ;secret_key = SW2YcwTIb9zpOOhoPsMm # Auto-login remember days ;login_remember_days = 7 ;cookie_username = grafana_user ;cookie_remember_name = grafana_remember # disable gravatar profile images ;disable_gravatar = false # data source proxy whitelist (ip_or_domain:port seperated by spaces) ;data_source_proxy_whitelist = #################################### Users #################################### [users] # disable user signup / registration allow_sign_up = {{ server.allow_sign_up|lower }} # Allow non admin users to create organizations allow_org_create = {{ server.allow_org_create|lower }} # Set to true to automatically assign new users to the default organization (id 1) ;auto_assign_org = true # Default role new users will be automatically assigned (if disabled above is set to true) ;auto_assign_org_role = Viewer auto_assign_org_role = {{ server.auto_assign_role }} [auth] # Set to true to disable (hide) the login form, useful if you use OAuth disable_login_form = {{ server.auth.disable_login_form }} # Set to true to disable the signout link in the side menu. useful if you use auth.proxy disable_signout_menu = {{ server.auth.disable_signout_menu }} # URL to redirect the user to after sign out signout_redirect_url = {{ server.auth.signout_redirect_url }} #################################### Anonymous Auth ########################## [auth.anonymous] {%- if server.auth.engine == 'anonymous' or server.auth.get('anonymous', {}).get('enabled', False) %} enabled = true {%- if server.auth.organization is defined or server.auth.anonymous.organization is defined %} org_name = {{ server.auth.get('organization', server.auth.anonymous.organization) }} {%- endif %} {%- if server.auth.role is defined or server.auth.anonymous.role is defined %} org_name = {{ server.auth.get('role', server.auth.anonymous.role) }} {%- endif %} {%- else %} # enable anonymous access ;enabled = false # specify organization name that should be used for unauthenticated users ;org_name = Main Org. # specify role for unauthenticated users ;org_role = Viewer {%- endif %} #################################### Github Auth ########################## [auth.github] ;enabled = false ;allow_sign_up = false ;client_id = some_id ;client_secret = some_secret ;scopes = user:email,read:org ;auth_url = https://github.com/login/oauth/authorize ;token_url = https://github.com/login/oauth/access_token ;api_url = https://api.github.com/user ;team_ids = ;allowed_organizations = #################################### Google Auth ########################## [auth.google] ;enabled = false ;allow_sign_up = false ;client_id = some_client_id ;client_secret = some_client_secret ;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email ;auth_url = https://accounts.google.com/o/oauth2/auth ;token_url = https://accounts.google.com/o/oauth2/token ;api_url = https://www.googleapis.com/oauth2/v1/userinfo ;allowed_domains = #################################### Generic OAuth ########################## [auth.generic_oauth] {%- if server.auth.engine == 'oauth' or server.auth.get('oauth', {}).get('enabled', False) %} enabled = true client_id = {{ server.auth.get('oauth', {}).get('client_id', 'YOUR_APP_CLIENT_ID') }} client_secret = {{ server.auth.get('oauth', {}).get('client_secret', 'YOUR_APP_CLIENT_SECRET') }} scopes = {{ server.auth.get('oauth', {}).get('scopes', '') }} auth_url = {{ server.auth.get('oauth', {}).get('auth_url', '') }} token_url = {{ server.auth.get('oauth', {}).get('token_url', '') }} api_url = {{ server.auth.get('oauth', {}).get('api_url', '') }} allowed_domains = {{ server.auth.get('oauth', {}).get('allowed_domains', '') }} allow_sign_up = {{ server.auth.get('oauth', {}).get('allow_sign_up', 'true') }} {%- endif %} #################################### Auth Proxy ########################## [auth.proxy] {%- if server.auth.engine == 'proxy' or server.auth.get('proxy', {}).get('enabled', False) %} enabled = true header_name = {{ server.auth.get('proxy', {}).get('header', server.auth.get('header', 'X-Forwarded-User')) }} header_property = {{ server.auth.get('proxy', {}).get('header_property', server.auth.get('header_property', 'username')) }} auto_sign_up = true {%- endif %} #################################### Basic Auth ########################## [auth.basic] {%- if server.auth.engine == 'basic' or server.auth.get('basic', {}).get('enabled', False) %} enabled = true {%- else %} enabled = false {%- endif %} #################################### Auth LDAP ########################## [auth.ldap] {%- if server.auth.get('ldap', {}).get('enabled', False) %} enabled = true config_file = /etc/grafana/ldap.toml {%- else %} enabled = false {%- endif %} #################################### SMTP / Emailing ########################## [smtp] {%- if server.get('mail', {}).get('enabled', False) %} enabled = true {%- if server.mail.host is defined %} host = {{ server.mail.host }}:{{ server.mail.get('port', 25) }} {%- endif %} {%- if server.mail.username is defined %} user = {{ server.mail.username }} password = {{ server.mail.password }} {%- endif %} ;cert_file = ;key_file = ;skip_verify = false from_address = {{ server.mail.get('from', 'grafana@localhost') }} {%- else %} enabled = false {%- endif %} [emails] ;welcome_email_on_sign_up = false #################################### Logging ########################## [log] # Either "console", "file", default is "console" # Use comma to separate multiple modes, e.g. "console, file" ;mode = console, file # Buffer length of channel, keep it as it is if you don't know what it is. ;buffer_len = 10000 # Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" ;level = Info # For "console" mode only [log.console] ;level = # For "file" mode only [log.file] ;level = # This enables automated log rotate(switch of following options), default is true ;log_rotate = true # Max line number of single file, default is 1000000 ;max_lines = 1000000 # Max size shift of single file, default is 28 means 1 << 28, 256MB ;max_lines_shift = 28 # Segment log daily, default is true ;daily_rotate = true # Expired days of log file(delete after max days), default is 7 ;max_days = 7 #################################### AMPQ Event Publisher ########################## [event_publisher] ;enabled = false ;rabbitmq_url = amqp://localhost/ ;exchange = grafana_events ;#################################### Dashboard JSON files ########################## [dashboards.json] {%- if server.dashboards.enabled %} enabled = true path = {{ server.dashboards.path }} {%- else %} ;enabled = false ;path = /var/lib/grafana/dashboards {%- endif %}