Grafana with Screenly OSE

To use Grafana Bearer tokens you need to be able to inject headers which you can’t do in the OSS version of Screenly. To get around this you can just run a NGiNX proxy on the host and reverse proxy to the Grafana server and use NGiNX to inject the required headers. I HAVEN’T TESTED THIS YET ON SCREENLY OSE, BUT SINCE IT’S JUST RUNNING ON RAPSBERRY PI OS THERE SHOULDN’T BE AN ISSUE, I WILL BE TESTING EVENTUALLY

Proxy website through NGiNX to get on the TOR network

This tutorial assumings the set up below NGINX CLEARWEB (web site hosted via SSL port 443) -> NGINX (reverse proxy for HTTPS website, converts website to HTTP and rewrites all 'DOMAIN.COM' to new .ONION address) -> TOR PROXY SERVICE Install Tor apt install tor Configure Tor nano /etc/tor/torrc Add the lines below to the file above HiddenServiceDir /var/lib/tor/ HiddenServicePort 80 Find Tor hostname cat /var/lib/tor/ Now it’s time to configure NGiNX

Keycloak behind NGiNX

Configure NGiNX nano /etc/nginx/conf.d/ server { listen 443 ssl http2; server_name; ssl_certificate /etc/nginx/ssl/; ssl_certificate_key /etc/nginx/ssl/; ssl_session_timeout 5m; location / { proxy_pass; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; } } Configure Keycloak The following is needs to be ran for Keycloak to work behind nginx cd bin ./ 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)' ./ 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)' 4 ./ 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'