
TeslaMate [megathread]

Did you initially run sudo docker-compose up without a -d at the end to see what the output was? If you see any entries in the logs at that point relating to certificate errors then that is likely the issue.

Yes, I did run docker initially without -d. I can, however, log in to my teslamate on all other devices except for the browser in my Tesla M3.

What is the solution to these certificate errors?
 
Doesn't look like it's a cert issue then.

Can you get to your main domain OK in the car?


I can now see grafana.mydomain.com on the Tesla browser, but Teslamate.mydomain.com is still doing the 401 Unauthorized error on a blank screen.

On opening the grafana.mydomain.com I first had the Grafana login page that you need to provide with grafana login credentials. Is the grafana.mydomain.com then not behind Let’s Encrypt login like teslamate.mydomain.com is?
 

Grafana is just a username / password for Grafana itself; the TeslaMate one requires the .htpasswd details entered. Looks like they have been ignored / cancelled, which is why you’re not authorised now.

Not tried clearing the cache in the cars browser, but bet that will sort it :)
 
Did you manage to access teslamate from the in-car browser?

Yes, it all works pretty well now. Forms auth is a little picky with its options, but it's all good.

I was already running an Apache server with vhosts, so my set-up is similar to the "Apache2" advanced install instructions, with the following change to use forms auth instead:

Code:
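        <Proxy *>
            # Form-based login, checked against the existing .htpasswd file
            AuthFormProvider file
            AuthUserFile /etc/apache2/.htpasswd
            AuthType Form
            AuthName "Password Required"
            # Serve the login form when a request is not authenticated
            ErrorDocument 401 /auth/login.html
            AuthFormLoginSuccessLocation https://teslamate.mydomain.com/
            # Keep the login in a session cookie named "session"
            Session On
            SessionCookieName session path=/
            Require valid-user
        </Proxy>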
 
eh, how can I clear the cache in my Tesla browser o_O?

And I should change the grafana credentials from admin/admin so it is more secure o_O?
 
Noticed a few posts to do with securing access to TeslaMate installs people have which are internet facing.

Are you remembering to lock down the MQTT broker and non-secured default MQTT port as well?

I’m not running in a cloud instance, just inside my network and in Docker. I can tell you that by default any MQTT client will be able to connect without any authentication and subscribe to all topics. In layman’s terms this means get all of the data which TeslaMate publishes to the MQTT broker, which isn’t everything you see in Grafana but does cover the core data about the car, its location and its state.

It may be you have it covered by other cloud instance config you’re doing but mentioning in case you were unaware.

Simple option if unsure is not starting the MQTT broker assuming you aren’t using it.

I know some people may use the MQTT interface for integration with Home Assistant.

I’m personally using the MQTT interface for some app prototyping so happened to notice its default configuration.
 
lost some of my text in that last post......

For cloud instances where you normally have to configure its firewall to explicitly allow ports to be forwarded or exposed you’ll be fine if you aren’t exposing port 1883.

The default docker-compose file for TeslaMate exposes the MQTT Docker container’s port 1883 to the host that is running Docker. So it’s only an issue if people are exposing all the ports shown in the docker-compose file for their cloud instance.

It’s ok to expose MQTT, just make sure you add authentication to it and also add SSL/TLS for it. If you need to use MQTT you’ll likely know enough to know what that means!
 

Thanks for this (and the above post).

In the config we've used, it has this section for Mosquitto:

Code:
mosquitto:
    image: eclipse-mosquitto:1.6
    restart: always
    ports:
      - 127.0.0.1:1883:1883
    volumes:
      - mosquitto-conf:/mosquitto/config
      - mosquitto-data:/mosquitto/data

But then I think we are only allowing http and https in - Is there a simple way to try and connect to it and see?
 
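Added example (not from any post in this thread, and not TeslaMate's own code): a small Python check of what the `ports` entries discussed above mean, flagging any mapping that Docker publishes beyond the loopback interface, plus a plain TCP connect test for port 1883. The function names and the sample services other than the `127.0.0.1:1883:1883` mapping are hypothetical and constructed for illustration.

```python
import ipaddress
import socket

def parse_port_mapping(entry):
    """Split a compose short-syntax ports entry into (host_ip, host_port, container_port)."""
    spec = entry.strip().split("/")[0]          # drop "/tcp" or "/udp"
    host_ip = None
    if spec.startswith("["):                    # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]")
        spec = spec.lstrip(":")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:     # IPv4 host address given
        host_ip = parts.pop(0)
    container_port = parts[-1]
    host_port = parts[0] if len(parts) == 2 else ""   # "" = Docker picks the host port
    return host_ip, host_port, container_port

def is_loopback_only(entry):
    """True when the published port is bound to a loopback address on the host."""
    host_ip, _, _ = parse_port_mapping(entry)
    if host_ip is None:      # no address given: Docker publishes on all interfaces
        return False
    return ipaddress.ip_address(host_ip).is_loopback

def audit_ports(services):
    """Return (service, entry) pairs that are published beyond loopback."""
    return [(name, entry)
            for name, ports in services.items()
            for entry in ports
            if not is_loopback_only(entry)]

def port_reachable(host, port, timeout=3.0):
    """Run from a machine outside the Docker host: True if a TCP connect succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample: the mosquitto mapping from the post plus two made-up variants.
SAMPLE = {
    "mosquitto": ["127.0.0.1:1883:1883"],
    "mosquitto-unbound": ["1883:1883"],
    "grafana": ["0.0.0.0:3000:3000/tcp"],
}

if __name__ == "__main__":
    for name, entry in audit_ports(SAMPLE):
        print(f"{name}: {entry} is published beyond loopback")
```

To answer the "connect and see" question, call `port_reachable("teslamate.mydomain.com", 1883)` from a device on a different network, such as a laptop on a phone hotspot; `False` means the broker port is not reachable from that vantage point.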