We had a use case where multiple ReDash dashboards were created. Some of the dashboards had to be made public. Login from public was to be disabled. We had a subdomain that was already serving few custom dashboards. Therefore the new rehash dashboards had to be served using path based routing in such as way that
- https://subdomain.domain.com/dash1 –> First dash board
- https://subdomain.domain.com/dash2 –> Second dash board
You get the idea.
Login from public endpoints to be disabled.
After some trial and error, we used the following code to make the dashboards work since last 1 year.
upstream redash_servers {
server XXX.XXX.X.X:XXXX;
}
server {
listen 443 ssl;
server_name subdomain.domain.tld;
ssl_certificate /etc/XXXXX/XXXXX.crt;
ssl_certificate_key /etc/XXXXX/XXXXX.key;
ssl_protocols XXXXXXXXX;
location /api {
proxy_pass http://redash_servers ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /dashboard1/ {
sub_filter ="/" ="/dashboard1/";
sub_filter ="/static/ ="/dashboard1/static/;
sub_filter ="/ldap/ ="/dashboard1/ldap/;
sub_filter ="/api/ ="/dashboard1/api/;
sub_filter ="/api/ ="/dashboard1/ldap/;
sub_filter ="/saml/login ="/dashboard1/saml/login;
sub_filter ="/api/config ="/dashboard1/api/config;
sub_filter ="/api/events ="/dashboard1/api/events;
sub_filter url(/static url(/dashboard1/static;
sub_filter url(/api url(/dashboard1/api;
sub_filter ="/public/dashboards/ ="/dashboard1/public/dashboards/;
sub_filter_once off;
sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header SCRIPT_NAME /dashboard1;
proxy_pass http://redash_servers ;
proxy_set_header Host $host;
}
location /dashboard1/login {
# allow XXX.XXX.X.X;
deny all;
}
location /dashboard2/ {
sub_filter ="/" ="/dashboard2/";
sub_filter ="/static/ ="/dashboard2/static/;
sub_filter ="/ldap/ ="/dashboard2/ldap/;
sub_filter ="/api/ ="/dashboard2/api/;
sub_filter ="/api/ ="/dashboard2/ldap/;
sub_filter ="/saml/login ="/dashboard2/saml/login;
sub_filter ="/api/config ="/dashboard2/api/config;
sub_filter ="/api/events ="/dashboard2/api/events;
sub_filter url(/static url(/dashboard2/static;
sub_filter url(/api url(/dashboard2/api;
sub_filter ="/public/dashboards/ ="/dashboard2/public/dashboards/;
sub_filter_once off;
sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header SCRIPT_NAME /dashboard2;
proxy_pass http://redash_servers ;
proxy_set_header Host $host;
}
location /dashboard2/login {
# allow XXXX.XXX.XXX.XXX;
deny all;
}
location /dashboard3/ {
sub_filter ="/" ="/dashboard3/";
sub_filter ="/static/ ="/dashboard3/static/;
sub_filter ="/ldap/ ="/dashboard3/ldap/;
sub_filter ="/api/ ="/dashboard3/api/;
sub_filter ="/api/ ="/dashboard3/ldap/;
sub_filter ="/saml/login ="/dashboard3/saml/login;
sub_filter ="/api/config ="/dashboard3/api/config;
sub_filter ="/api/events ="/dashboard3/api/events;
sub_filter url(/static url(/dashboard3/static;
sub_filter url(/api url(/dashboard3/api;
sub_filter ="/public/dashboards/ ="/dashboard3/public/dashboards/;
sub_filter_once off;
sub_filter_types application/javascript text/css text/xml text/javascript application/json text/plain;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header SCRIPT_NAME /dashboard3;
proxy_pass http://redash_servers ;
proxy_set_header Host $host;
}
location /dashboard3/login {
# allow XXX.XXX.XXX.XXX;
deny all;
}
}
server {
listen 80;
server_name subdomain.domain.tld;
return 301 https://$host$request_uri;
}
Code language: PHP (php)