Deployment

Signed as Private Plugin

Plugin is signed as a Private plugin using the default domain http://localhost:3000.

If you are using a custom domain URL, there are various options depending on your deployment.

NGINX Reverse proxy

We recommend using NGINX in front of the Grafana for an extra level of protection. It allows keeping the default domain and redirecting requests.

Unsigned plugin

Take a look at Allow Unsigned Plugins section in the Grafana Crash Course.

Build plugin and sign

Requirements

Go 1.22 and Node.js version 20.

You can build and sign the plugin manually following instructions.

npm install
npm run build
npm run build:backend
npx --yes @grafana/sign-plugin@latest --rootUrls http://CUSTOM-DOMAIN-URL/

Security Guidelines

To stay out of trouble, Grafana Core chose not to support the environment variables at this time. Yet, many industrial cases require the ability to display environment variables, for instance, in cases where the goal is to manage numerous remote devices (for example, IoT networks).

To make the Environmental data source secure, you can restrict the variables that are allowed to be shown in the Environment data source configuration. For the endless possibilities, the filter utilizes a regex pattern.

Use the Regex pattern to restrict the available environment variables.

NGINX Reverse proxy​

Unsigned plugin​

Build plugin and sign​

Security Guidelines​

NGINX Reverse proxy

Unsigned plugin

Build plugin and sign

Security Guidelines