Setup Metabase in Centos7 with reverse proxy

I am running metabase on Centos7 server. I have installed apache to serve http requests. I have a few html files in my /var/www/html directory which I am using to embed metabase dashboard as an iframe.

@kjkrupal
You should not run on 0.0.0.0 - that means Metabase will be available on all networks (also your outside network). You should run it locally 127.0.0.1 and then your reverse proxy can see it locally and host it to the outside.
If you did a search, you’ll find many forum posts about it. Here’s a documentation for using mod_proxy:
https://www.digitalocean.com/community/tutorials/how-to-use-apache-as-a-reverse-proxy-with-mod_proxy-on-centos-7

Hi @flamber, I do not know why is it running on 0.0.0.0. How do I change it?

@kjkrupal Could it be that you specified the MB_JETTY_HOST=0.0.0.0 in the environment variables?

No @flamber, I have put my hosts ip address in the environment file.

Hi @flamber, I got it running. I get the metabase login page, however nothing happens when I login. When I refresh the page it says that /auth/login not found on this server.

What is the issue here?

@kjkrupal You need to use 127.0.0.1, since you don’t want Metabase accessible from the outside, only locally on the server, which Apache will then reference.
Are you running Metabase on it’s own sub-domain like metabase.example.com or as non-root path like example.com/metabase/ ?

@flamber, I want to run it as non-root path.

@kjkrupal I don’t use Apache, but you need to adjust your configuration for the subdirectory.
I would guess something like this:

ProxyPass /metabase/ http://localhost:3000/
ProxyPassReverse /metabase/ http://localhost:3000/

Otherwise you might find better help on stackoverflow.com, since it doesn’t really have anything to do with Metabase.

@flamber it worked. However when I am trying to generate the public dashboard link, it gives a link as http://localhost:3000/…

How to workaround that?

@kjkrupal Yes, update the Site URL in Admin > Settings > General

@flamber, thank you for bearing with me. I have everything up and running. Finally!!!

Hi, anyone tried with nginx? I have problem to setup with nginx as non-root but it’s work for apache

@i2cute
If you search the forum, you’ll find multiple examples.
But post your Nginx config - and which version of Metabase.

Yes… but the page keep display blank. I am using Metabase 0.33.6

my nginx configuration as below:-
server {
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
server_name xxxx.xxxx.xxxx.com.my; # managed by Certbot
root /usr/share/nginx/html;
ssl_certificate /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /metabase/ {
	proxy_pass http://10.1.1.18:3000;
	}

	error_page 404 /404.html;
	location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	}

}

image

@i2cute Check your Nginx logs and browser console, when testing. My first guess is that you’re missing a slash in the end of proxy_pass:

location /metabase/ {
  proxy_pass http://10.1.1.18:3000/;
}

And you might want to add this to http { ... } or server { ... } section:

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Referer "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_read_timeout 600s;
proxy_send_timeout 600s;

@flamber Thanks so much :heart: :grinning:

@i2cute Please post your final config (redacted of course, like before) - then you’ll help others, if they search for similar problem.

Here is my final configuration:-

server {
    listen       443 ssl http2 ;
    listen       [::]:443 ssl http2 ;
	server_name xxxx.xxxx.xxxx.com.my; # managed by Certbot
    root         /usr/share/nginx/html;
	ssl_certificate /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/xxxx.xxxx.xxxx.com.my/privkey.pem; # managed by Certbot
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /metabase1/ {
	proxy_pass http://10.1.1.18:3000/;
	}

    location /metabase2/ {
	proxy_pass http://192.168.3.4:3000/;
	}

	error_page 404 /404.html;
	location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	}

}

1 Like