Setup Metabase in Centos7 with reverse proxy

kjkrupal · November 27, 2019, 8:35pm

I am running metabase on Centos7 server. I have installed apache to serve http requests. I have a few html files in my /var/www/html directory which I am using to embed metabase dashboard as an iframe.

flamber · November 27, 2019, 8:39pm

@kjkrupal
You should not run on 0.0.0.0 - that means Metabase will be available on all networks (also your outside network). You should run it locally 127.0.0.1 and then your reverse proxy can see it locally and host it to the outside.
If you did a search, you’ll find many forum posts about it. Here’s a documentation for using mod_proxy:
https://www.digitalocean.com/community/tutorials/how-to-use-apache-as-a-reverse-proxy-with-mod_proxy-on-centos-7

kjkrupal · November 27, 2019, 8:40pm

Hi @flamber, I do not know why is it running on 0.0.0.0. How do I change it?

flamber · November 27, 2019, 8:43pm

@kjkrupal Could it be that you specified the MB_JETTY_HOST=0.0.0.0 in the environment variables?

kjkrupal · November 27, 2019, 8:56pm

No @flamber, I have put my hosts ip address in the environment file.

kjkrupal · November 27, 2019, 9:17pm

Hi @flamber, I got it running. I get the metabase login page, however nothing happens when I login. When I refresh the page it says that /auth/login not found on this server.

What is the issue here?

flamber · November 27, 2019, 9:22pm

@kjkrupal You need to use 127.0.0.1, since you don’t want Metabase accessible from the outside, only locally on the server, which Apache will then reference.
Are you running Metabase on it’s own sub-domain like metabase.example.com or as non-root path like example.com/metabase/ ?

kjkrupal · November 27, 2019, 9:23pm

@flamber, I want to run it as non-root path.

flamber · November 27, 2019, 9:36pm

@kjkrupal I don’t use Apache, but you need to adjust your configuration for the subdirectory.
I would guess something like this:

ProxyPass /metabase/ http://localhost:3000/
ProxyPassReverse /metabase/ http://localhost:3000/

Otherwise you might find better help on stackoverflow.com, since it doesn’t really have anything to do with Metabase.

kjkrupal · November 27, 2019, 9:57pm

@flamber it worked. However when I am trying to generate the public dashboard link, it gives a link as http://localhost:3000/…

How to workaround that?

flamber · November 27, 2019, 10:00pm

@kjkrupal Yes, update the Site URL in Admin > Settings > General

kjkrupal · November 27, 2019, 10:08pm

@flamber, thank you for bearing with me. I have everything up and running. Finally!!!

i2cute · December 14, 2019, 2:25am

Hi, anyone tried with nginx? I have problem to setup with nginx as non-root but it’s work for apache

flamber · December 14, 2019, 2:42am

@i2cute
If you search the forum, you’ll find multiple examples.
But post your Nginx config - and which version of Metabase.

i2cute · December 14, 2019, 3:53am

Yes... but the page keep display blank. I am using Metabase 0.33.6

my nginx configuration as below:-
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
server_name xxxx.xxxx.xxxx.com.my; # managed by Certbot
root /usr/share/nginx/html;
ssl_certificate /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /metabase/ {
	proxy_pass http://10.1.1.18:3000;
	}

	error_page 404 /404.html;
	location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	}

}

flamber · December 14, 2019, 4:12am

@i2cute Check your Nginx logs and browser console, when testing. My first guess is that you’re missing a slash in the end of proxy_pass:

location /metabase/ {
  proxy_pass http://10.1.1.18:3000/;
}

And you might want to add this to http { ... } or server { ... } section:

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Referer "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_read_timeout 600s;
proxy_send_timeout 600s;

i2cute · December 14, 2019, 4:36am

@flamber Thanks so much

flamber · December 14, 2019, 4:38am

@i2cute Please post your final config (redacted of course, like before) - then you’ll help others, if they search for similar problem.

i2cute · December 14, 2019, 4:52am

Here is my final configuration:-

server {
    listen       443 ssl http2 ;
    listen       [::]:443 ssl http2 ;
	server_name xxxx.xxxx.xxxx.com.my; # managed by Certbot
    root         /usr/share/nginx/html;
	ssl_certificate /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/privkey.pem; # managed by Certbot
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /metabase1/ {
	proxy_pass http://10.1.1.18:3000/;
	}

    location /metabase2/ {
	proxy_pass http://192.168.3.4:3000/;
	}

	error_page 404 /404.html;
	location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	}

}