Prometheus : Enable authentication and HTTPS2022/09/09 |
Enable basic authentication and HTTPS for Prometheus endpoint.
|
|
[1] |
Get SSL Certificate, or
Create self-signed Certificate.
It uses self signed Certificate on this example. |
[2] | Configure Prometheus. |
root@dlp:~#
apt -y install apache2-utils # generate password with bcrypt hash # set any username you like root@dlp:~# htpasswd -nB admin New password: Re-type new password: admin:$2y$05$6fZn5Gp0JaJFxBUFVu3TFev3rHY8i2qC7IjAybL6VLeD..zbVgUqy
root@dlp:~#
cp /etc/ssl/private/{server.crt,server.key} /etc/prometheus/ root@dlp:~# chown prometheus. /etc/prometheus/{server.crt,server.key}
root@dlp:~#
vi /etc/prometheus/web.yml # create new # specify your certificate tls_server_config: cert_file: server.crt key_file: server.key # specify username and password generated above basic_auth_users: admin: $2y$05$6fZn5Gp0JaJFxBUFVu3TFev3rHY8i2qC7IjAybL6VLeD..zbVgUqy
root@dlp:~#
vi /etc/default/prometheus # line 5 : add ARGS="--web.config.file=/etc/prometheus/web.yml"
root@dlp:~#
vi /etc/prometheus/prometheus.yml ..... ..... scrape_configs: # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. - job_name: "prometheus" # Override the global default and scrape targets from this job every 5 seconds. scrape_interval: 5s scrape_timeout: 5s # metrics_path defaults to '/metrics' # scheme defaults to 'http'. # add settings for certificate and authentication scheme: https tls_config: cert_file: /etc/prometheus/server.crt key_file: /etc/prometheus/server.key # if using self-signed certificate, set [true] insecure_skip_verify: true basic_auth: username: 'admin' password: 'password' static_configs: # if using valid certificate, set the same hostname in certificate - targets: ["localhost:9090"]root@dlp:~# systemctl restart prometheus
|
[3] | Access to Prometheus endpoint via HTTPS, then that's OK if you can successfully authenticate with the username and password you set. |
Sponsored Link |