外题
建议看官方文档:https://docs.pingcap.com/zh/tidb/stable/dashboard-intro
访问地址:pg的IP:2379(pg的端口)/dashboard,http://172.18.3.41:2379/dashboard,目前是通过nginx代理
注意:dashboard只提供统一的访问权限,不提供精细化权限控制,5.3以上可以给自建用户授权访问,5.3以下只能由root用户访问
nginx代理配置
location / {
proxy_pass http://172.18.3.41:2379;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
}
自建用户授权访问dashboard
官方文档:https://docs.pingcap.com/zh/tidb/stable/dashboard-user
未启用安全增强模式 (SEM)
CREATE USER 'dashboard'@'172.18.%' IDENTIFIED BY 'xxxxxxxxxxxx';
GRANT PROCESS, CONFIG ON *.* TO 'dashboard'@'172.18.%';
GRANT SHOW DATABASES ON *.* TO 'dashboard'@'172.18.%';
GRANT DASHBOARD_CLIENT ON *.* TO 'dashboard'@'172.18.%';
-- 如果要使自定义的 SQL 用户能修改 TiDB Dashboard 界面上的各项配置,可以增加以下权限
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboard'@'172.18.%';
注意:我这边是通过nginx代理访问dashboard,所以用户允许访问的地址,应该是nginx机器所在的网段,并不是客户端访问的公网IP
启用了安全增强模式 (SEM) 时
CREATE USER 'dashboard'@'172.18.%' IDENTIFIED BY 'xxxxxxxxxxxx';
GRANT PROCESS, CONFIG ON *.* TO 'dashboard'@'172.18.%';
GRANT SHOW DATABASES ON *.* TO 'dashboard'@'172.18.%';
GRANT DASHBOARD_CLIENT ON *.* TO 'dashboard'@'172.18.%';
GRANT RESTRICTED_STATUS_ADMIN ON *.* TO 'dashboard'@'172.18.%';
GRANT RESTRICTED_TABLES_ADMIN ON *.* TO 'dashboard'@'172.18.%';
GRANT RESTRICTED_VARIABLES_ADMIN ON *.* TO 'dashboard'@'172.18.%';
-- 如果要使自定义的 SQL 用户能修改 TiDB Dashboard 界面上的各项配置,可以增加以下权限
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'dashboard'@'172.18.%';
注意:我这边是通过nginx代理访问dashboard,所以用户允许访问的地址,应该是nginx机器所在的网段,并不是客户端访问的公网IP