123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518 |
- ##################### Grafana Configuration Example #####################
- #
- # Everything has defaults so you only need to uncomment things you want to
- # change
-
- # possible values : production, development
- ;app_mode = production
-
- # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
- instance_name = {{ domain }}
-
- #################################### Paths ####################################
- [paths]
- # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
- data = /data/grafana
-
- # Temporary files in `data` directory older than given duration will be removed
- ;temp_data_lifetime = 24h
-
- # Directory where grafana can store logs
- ;logs = /var/log/grafana
-
- # Directory where grafana will automatically scan and look for plugins
- ;plugins = /var/lib/grafana/plugins
-
- # folder that contains provisioning config files that grafana will apply on startup and while running.
- ;provisioning = conf/provisioning
-
- #################################### Server ####################################
- [server]
- # Protocol (http, https, socket)
- protocol = http
-
- # The ip address to bind to, empty will bind to all interfaces
- http_addr = 127.0.0.1
-
- # The http port to use
- http_port = {{ grafana_internal_port }}
-
- # The public facing domain name used to access grafana from a browser
- domain = {{ grafana_domain }}
-
- # Redirect to correct domain if host header does not match domain
- # Prevents DNS rebinding attacks
- enforce_domain = true
-
- # The full public facing url you use in browser, used for redirects and emails
- # If you use reverse proxy and sub path specify full url (with sub path)
- root_url = https://{{ grafana_domain }}
-
- # Log web requests
- ;router_logging = false
-
- # the path relative working path
- ;static_root_path = public
-
- # enable gzip
- ;enable_gzip = false
-
- # https certs & key file
- ;cert_file =
- ;cert_key =
-
- # Unix socket path
- ;socket =
-
- #################################### Database ####################################
- [database]
- # You can configure the database connection by specifying type, host, name, user and password
- # as separate properties or as on string using the url properties.
-
- # Either "mysql", "postgres" or "sqlite3", it's your choice
- type = postgres
- host = 127.0.0.1:5432
- name = {{ grafana_db_database }}
- user = {{ grafana_db_username }}
- # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
- password = """{{ grafana_db_password }}"""
-
- # Use either URL or the previous fields to configure the database
- # Example: mysql://user:secret@host:port/database
- ;url =
-
- # For "postgres" only, either "disable", "require" or "verify-full"
- ssl_mode = disable
-
- # For "sqlite3" only, path relative to data_path setting
- ;path = grafana.db
-
- # Max idle conn setting default is 2
- ;max_idle_conn = 2
-
- # Max conn setting default is 0 (mean not set)
- ;max_open_conn =
-
- # Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
- ;conn_max_lifetime = 14400
-
- # Set to true to log the sql calls and execution times.
- log_queries =
-
- # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
- ;cache_mode = private
-
- #################################### Session ####################################
- [session]
- # Either "memory", "file", "redis", "mysql", "postgres", default is "file"
- ;provider = file
-
- # Provider config options
- # memory: not have any config yet
- # file: session dir path, is relative to grafana data_path
- # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
- # mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
- # postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
- ;provider_config = sessions
-
- # Session cookie name
- ;cookie_name = grafana_sess
-
- # If you use session in https only, default is false
- ;cookie_secure = false
-
- # Session life time, default is 86400
- ;session_life_time = 86400
-
- #################################### Data proxy ###########################
- [dataproxy]
-
- # This enables data proxy logging, default is false
- ;logging = false
-
- # How long the data proxy should wait before timing out default is 30 (seconds)
- ;timeout = 30
-
- #################################### Analytics ####################################
- [analytics]
- # Server reporting, sends usage counters to stats.grafana.org every 24 hours.
- # No ip addresses are being tracked, only simple counters to track
- # running instances, dashboard and error counts. It is very helpful to us.
- # Change this option to false to disable reporting.
- reporting_enabled = false
-
- # Set to false to disable all checks to https://grafana.net
- # for new vesions (grafana itself and plugins), check is used
- # in some UI views to notify that grafana or plugin update exists
- # This option does not cause any auto updates, nor send any information
- # only a GET request to http://grafana.com to get latest versions
- ;check_for_updates = true
-
- # Google Analytics universal tracking code, only enabled if you specify an id here
- ;google_analytics_ua_id =
-
- # Google Tag Manager ID, only enabled if you specify an id here
- ;google_tag_manager_id =
-
- #################################### Security ####################################
- [security]
- # default admin user, created on startup
- admin_user = {{ grafana_main_user }}
-
- # default admin password, can be changed before first start of grafana, or in profile settings
- admin_password = {{ grafana_main_user_password }}
-
- # used for signing
- secret_key = {{ grafana_signing_key }}
-
- # disable gravatar profile images
- ;disable_gravatar = false
-
- # data source proxy whitelist (ip_or_domain:port separated by spaces)
- ;data_source_proxy_whitelist =
-
- # disable protection against brute force login attempts
- ;disable_brute_force_login_protection = false
-
- # set to true if you host Grafana behind HTTPS. default is false.
- cookie_secure = true
-
- # set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict" and "none"
- cookie_samesite = strict
-
- #################################### Snapshots ###########################
- [snapshots]
- # snapshot sharing options
- ;external_enabled = true
- ;external_snapshot_url = https://snapshots-origin.raintank.io
- ;external_snapshot_name = Publish to snapshot.raintank.io
-
- # remove expired snapshot
- ;snapshot_remove_expired = true
-
- #################################### Dashboards History ##################
- [dashboards]
- # Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
- ;versions_to_keep = 20
-
- #################################### Users ###############################
- [users]
- # disable user signup / registration
- ;allow_sign_up = true
-
- # Allow non admin users to create organizations
- ;allow_org_create = true
-
- # Set to true to automatically assign new users to the default organization (id 1)
- ;auto_assign_org = true
-
- # Default role new users will be automatically assigned (if disabled above is set to true)
- ;auto_assign_org_role = Viewer
-
- # Background text for the user field on the login page
- ;login_hint = email or username
-
- # Default UI theme ("dark" or "light")
- ;default_theme = dark
-
- # External user management, these options affect the organization users view
- ;external_manage_link_url =
- ;external_manage_link_name =
- ;external_manage_info =
-
- # Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
- ;viewers_can_edit = false
-
- [auth]
- # Login cookie name
- ;login_cookie_name = grafana_session
-
- # The lifetime (days) an authenticated user can be inactive before being required to login at next visit. Default is 7 days,
- ;login_maximum_inactive_lifetime_days = 7
-
- # The maximum lifetime (days) an authenticated user can be logged in since login time before being required to login. Default is 30 days.
- ;login_maximum_lifetime_days = 30
-
- # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
- ;token_rotation_interval_minutes = 10
-
- # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
- ;disable_login_form = false
-
- # Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
- ;disable_signout_menu = false
-
- # URL to redirect the user to after sign out
- ;signout_redirect_url =
-
- # Set to true to attempt login with OAuth automatically, skipping the login screen.
- # This setting is ignored if multiple OAuth providers are configured.
- ;oauth_auto_login = false
-
- #################################### Anonymous Auth ######################
- [auth.anonymous]
- # enable anonymous access
- ;enabled = false
-
- # specify organization name that should be used for unauthenticated users
- ;org_name = Main Org.
-
- # specify role for unauthenticated users
- ;org_role = Viewer
-
- #################################### Github Auth ##########################
- [auth.github]
- ;enabled = false
- ;allow_sign_up = true
- ;client_id = some_id
- ;client_secret = some_secret
- ;scopes = user:email,read:org
- ;auth_url = https://github.com/login/oauth/authorize
- ;token_url = https://github.com/login/oauth/access_token
- ;api_url = https://api.github.com/user
- ;team_ids =
- ;allowed_organizations =
-
- #################################### Google Auth ##########################
- [auth.google]
- ;enabled = false
- ;allow_sign_up = true
- ;client_id = some_client_id
- ;client_secret = some_client_secret
- ;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
- ;auth_url = https://accounts.google.com/o/oauth2/auth
- ;token_url = https://accounts.google.com/o/oauth2/token
- ;api_url = https://www.googleapis.com/oauth2/v1/userinfo
- ;allowed_domains =
-
- #################################### Generic OAuth ##########################
- [auth.generic_oauth]
- ;enabled = false
- ;name = OAuth
- ;allow_sign_up = true
- ;client_id = some_id
- ;client_secret = some_secret
- ;scopes = user:email,read:org
- ;auth_url = https://foo.bar/login/oauth/authorize
- ;token_url = https://foo.bar/login/oauth/access_token
- ;api_url = https://foo.bar/user
- ;team_ids =
- ;allowed_organizations =
- ;tls_skip_verify_insecure = false
- ;tls_client_cert =
- ;tls_client_key =
- ;tls_client_ca =
-
- ; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
- ; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
- ;send_client_credentials_via_post = false
-
- #################################### Grafana.com Auth ####################
- [auth.grafana_com]
- ;enabled = false
- ;allow_sign_up = true
- ;client_id = some_id
- ;client_secret = some_secret
- ;scopes = user:email
- ;allowed_organizations =
-
- #################################### Auth Proxy ##########################
- [auth.proxy]
- ;enabled = false
- ;header_name = X-WEBAUTH-USER
- ;header_property = username
- ;auto_sign_up = true
- ;ldap_sync_ttl = 60
- ;whitelist = 192.168.1.1, 192.168.2.1
- ;headers = Email:X-User-Email, Name:X-User-Name
-
- #################################### Basic Auth ##########################
- [auth.basic]
- ;enabled = true
-
- #################################### Auth LDAP ##########################
- [auth.ldap]
- ;enabled = false
- ;config_file = /etc/grafana/ldap.toml
- ;allow_sign_up = true
-
- #################################### SMTP / Emailing ##########################
- [smtp]
- enabled = true
- ;host = localhost:25
- ;user =
- # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
- ;password =
- ;cert_file =
- ;key_file =
- ;skip_verify = false
- from_address = admin@{{ grafana_domain }}
- ;from_name = Grafana
- # EHLO identity in SMTP dialog (defaults to instance_name)
- ehlo_identity = {{ grafana_domain }}
-
- [emails]
- welcome_email_on_sign_up = true
-
- #################################### Logging ##########################
- [log]
- # Either "console", "file", "syslog". Default is console and file
- # Use space to separate multiple modes, e.g. "console file"
- ;mode = console file
-
- # Either "debug", "info", "warn", "error", "critical", default is "info"
- ;level = info
-
- # optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
- ;filters =
-
- # For "console" mode only
- [log.console]
- ;level =
-
- # log line format, valid options are text, console and json
- ;format = console
-
- # For "file" mode only
- [log.file]
- ;level =
-
- # log line format, valid options are text, console and json
- ;format = text
-
- # This enables automated log rotate(switch of following options), default is true
- ;log_rotate = true
-
- # Max line number of single file, default is 1000000
- ;max_lines = 1000000
-
- # Max size shift of single file, default is 28 means 1 << 28, 256MB
- ;max_size_shift = 28
-
- # Segment log daily, default is true
- ;daily_rotate = true
-
- # Expired days of log file(delete after max days), default is 7
- ;max_days = 7
-
- [log.syslog]
- ;level =
-
- # log line format, valid options are text, console and json
- ;format = text
-
- # Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
- ;network =
- ;address =
-
- # Syslog facility. user, daemon and local0 through local7 are valid.
- ;facility =
-
- # Syslog tag. By default, the process' argv[0] is used.
- ;tag =
-
- #################################### Alerting ############################
- [alerting]
- # Disable alerting engine & UI features
- ;enabled = true
- # Makes it possible to turn off alert rule execution but alerting UI is visible
- ;execute_alerts = true
-
- # Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
- ;error_or_timeout = alerting
-
- # Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
- ;nodata_or_nullvalues = no_data
-
- # Alert notifications can include images, but rendering many images at the same time can overload the server
- # This limit will protect the server from render overloading and make sure notifications are sent out quickly
- ;concurrent_render_limit = 5
-
- #################################### Explore #############################
- [explore]
- # Enable the Explore section
- ;enabled = true
-
- #################################### Internal Grafana Metrics ##########################
- # Metrics available at HTTP API Url /metrics
- [metrics]
- # Disable / Enable internal metrics
- ;enabled = true
-
- # Publish interval
- ;interval_seconds = 10
-
- # Send internal metrics to Graphite
- [metrics.graphite]
- # Enable by setting the address setting (ex localhost:2003)
- ;address =
- ;prefix = prod.grafana.%(instance_name)s.
-
- #################################### Distributed tracing ############
- [tracing.jaeger]
- # Enable by setting the address sending traces to jaeger (ex localhost:6831)
- ;address = localhost:6831
- # Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
- ;always_included_tag = tag1:value1
- # Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
- ;sampler_type = const
- # jaeger samplerconfig param
- # for "const" sampler, 0 or 1 for always false/true respectively
- # for "probabilistic" sampler, a probability between 0 and 1
- # for "rateLimiting" sampler, the number of spans per second
- # for "remote" sampler, param is the same as for "probabilistic"
- # and indicates the initial sampling rate before the actual one
- # is received from the mothership
- ;sampler_param = 1
-
- #################################### Grafana.com integration ##########################
- # Url used to import dashboards directly from Grafana.com
- [grafana_com]
- ;url = https://grafana.com
-
- #################################### External image storage ##########################
- [external_image_storage]
- # Used for uploading images to public servers so they can be included in slack/email messages.
- # you can choose between (s3, webdav, gcs, azure_blob, local)
- provider = local
-
- [external_image_storage.s3]
- ;bucket =
- ;region =
- ;path =
- ;access_key =
- ;secret_key =
-
- [external_image_storage.webdav]
- ;url =
- ;public_url =
- ;username =
- ;password =
-
- [external_image_storage.gcs]
- ;key_file =
- ;bucket =
- ;path =
-
- [external_image_storage.azure_blob]
- ;account_name =
- ;account_key =
- ;container_name =
-
- [external_image_storage.local]
- # does not require any configuration
-
- [rendering]
- # Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer
- ;server_url =
- ;callback_url =
-
- [enterprise]
- # Path to a valid Grafana Enterprise license.jwt file
- ;license_path =
-
- [panels]
- ;enable_alpha = false
- # If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
- ;disable_sanitize_html = false
|