I'm trying to fix an issue with my Grafana Powerwall Dashboard, where a iframe seems to not be upgrading to https.
For example with HTTP (where everything is working):
And then when I enable HTTPS (frame doesn't load):
Using curl with http, I get a response:
curl -vvv http://grafana.bsmt-srv1.home.arpa:8675/
* Connected to grafana.bsmt-srv1.home.arpa (192.168.50.252) port 8675
> GET / HTTP/1.1
> Host: grafana.bsmt-srv1.home.arpa:8675
> User-Agent: curl/8.4.0
> Accept: */*
> * HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: BaseHTTP/0.6 Python/3.10.13
< Date: Tue, 07 Nov 2023 09:01:49 GMT
As opposed to HTTPS where:
curl -vvv https://grafana.bsmt-srv1.home.arpa:8675/
* Trying 192.168.50.252:8675...
* Connected to grafana.bsmt-srv1.home.arpa (192.168.50.252) port 8675
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* OpenSSL/3.1.4: error:0A00010B:SSL routines::wrong version number
* Closing connection
curl: (35) OpenSSL/3.1.4: error:0A00010B:SSL routines::wrong version number
I think what is happening is when I visit https://grafana.bsmt-srv1.home.arpa it's trying to connect to the pypowerwall container on https://grafana.bsmt-srv1.home.arpa:8675 which is serving the frame only on http. Due to some cross-origin issue it doesn't appear (but the rest of grafana works).
These are the two container definitions that I have:
pypowerwall:
image: jasonacox/pypowerwall:latest
container_name: pypowerwall
hostname: pypowerwall
restart: always
ports:
- target: 8675
published: 8675
# host_ip: 127.0.0.1
mode: host
env_file:
- pypowerwall.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.pypowerwall.tls=true"
- "traefik.http.routers.pypowerwall.tls.certresolver=stepca"
- "traefik.http.routers.pypowerwall.rule=Host(`pypowerwall.$MY_DOMAIN`)"
- "traefik.http.routers.pypowerwall.entrypoints=websecure"
- "traefik.http.services.pypowerwall.loadbalancer.server.port=8675"
grafana:
image: grafana/grafana:9.1.2-ubuntu
container_name: grafana
hostname: grafana
restart: always
user: "1003:1003"
volumes:
- type: bind
source: /mnt/container_data/grafana
target: /var/lib/grafana
ports:
- target: 9000
published: 9000
host_ip: 127.0.0.1
mode: host
env_file:
- grafana.env
depends_on:
- influxdb
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.routers.grafana.tls.certresolver=stepca"
- "traefik.http.routers.grafana.rule=Host(`grafana.$MY_DOMAIN`)"
- "traefik.http.routers.grafana-websocket.rule=Host(`grafana.$MY_DOMAIN`) && Path(`/api/live/ws`)"
- "traefik.http.routers.grafana.entrypoints=websecure"
- "traefik.http.services.grafana.loadbalancer.server.port=9000"
- "traefik.http.middlewares.cors.headers.customResponseHeaders.Access-Control-Allow-Origin=*"
- "traefik.http.routers.grafana.middlewares=cors"
I tried with the traefik.http.middlewares.cors.headers.customResponseHeaders
and traefik.http.routers.grafana.middlewares
options to see if that would fix things but it didn't.
Anyone know what I need to do to make the iframe also https?
There was this thread SSL / HTTPS proxy · jasonacox/Powerwall-Dashboard · Discussion #215 · GitHub but nobody seemed to know what to do with Traefik.