---
title:
description:
date: 2023-04-24
lang: zh-tw
tags:
  - Raspberry Pi
  - Linux
  - docker
---

# Grafana Dashboard: Using Authelia OpenID

## Grafana Configuration

:::info
The secret and the salted secret can be generated with the following command:
`authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986`
:::

Just add the following to Grafana's stack.env:

```env=
GF_SERVER_ROOT_URL=https://grafana.example.com
GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_NAME=Authelia
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=<password, corresponding to the salted secret below>
GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.example.com/api/oidc/authorization
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.example.com/api/oidc/token
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.example.com/api/oidc/userinfo
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
GF_AUTH_GENERIC_OAUTH_USE_PKCE=true
```

## Authelia Configuration

```yml=
identity_providers:
  oidc:
    # See the earlier "Authelia: Enabling OpenID Connect" configuration
    # ...
    clients:
      - id: grafana
        description: Grafana
        secret: <salted secret>
        public: false
        authorization_policy: two_factor
        redirect_uris:
          - https://grafana.example.com/login/generic_oauth
        scopes:
          - openid
          - profile
          - groups
          - email
        userinfo_signing_algorithm: none
```

## Ref

* https://www.authelia.com/integration/openid-connect/grafana/
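
The Grafana stack.env and the Authelia client entry above only work as a pair, so the following added example (not part of the original page, and not code from Grafana or Authelia) cross-checks them before deployment. The function names `parse_env` and `check_pair` are hypothetical, the sample values are constructed from the page's placeholders, and the Authelia client is assumed to be already loaded from YAML into a dict.

```python
from urllib.parse import urlsplit

# Constructed sample inputs mirroring the two configuration blocks on this page.
GRAFANA_ENV = """\
GF_SERVER_ROOT_URL=https://grafana.example.com
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=constructed-sample-secret
GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.example.com/api/oidc/authorization
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.example.com/api/oidc/token
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.example.com/api/oidc/userinfo
GF_AUTH_GENERIC_OAUTH_USE_PKCE=true
"""
AUTHELIA_CLIENT = {  # assumption: the `clients:` entry, already loaded from YAML
    "id": "grafana", "public": False,
    "redirect_uris": ["https://grafana.example.com/login/generic_oauth"],
    "scopes": ["openid", "profile", "groups", "email"],
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_pair(env, client):
    """Return the mismatches between Grafana's env and the Authelia client."""
    def g(key):
        return env.get("GF_AUTH_GENERIC_OAUTH_" + key, "")
    problems = []
    if g("CLIENT_ID") != client["id"]:
        problems.append("client id differs")
    # The provider compares redirect URIs as exact strings.
    callback = env.get("GF_SERVER_ROOT_URL", "").rstrip("/") + "/login/generic_oauth"
    if callback not in client["redirect_uris"]:
        problems.append("callback not registered: " + callback)
    extra = set(g("SCOPES").split()) - set(client["scopes"])
    if extra:
        problems.append("scopes not allowed for client: " + " ".join(sorted(extra)))
    if not client["public"] and not g("CLIENT_SECRET"):
        problems.append("confidential client but no client secret set")
    if g("USE_PKCE").lower() != "true":
        problems.append("PKCE disabled")
    # Sanity check for this setup: all three endpoints sit on the one Authelia host.
    urls = [urlsplit(g(k)) for k in ("AUTH_URL", "TOKEN_URL", "API_URL")]
    if any(u.scheme != "https" for u in urls) or len({u.netloc for u in urls}) != 1:
        problems.append("OIDC endpoints not all https on the same host")
    return problems

if __name__ == "__main__":
    print(check_pair(parse_env(GRAFANA_ENV), AUTHELIA_CLIENT) or "configuration consistent")
```

An empty list means the two sides agree; each string names one setting to fix before the login flow will complete.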