For any who may be looking for a solution to this, I found a workaround for using a private CA and simple fix to skip cert validation. The workaround is to volume-map the directory /etc/pki to the docker container running prometheus-nats-exporter. The fix is a one-line change to collector.go. See this issue for details: https://github.com/nats-io/prometheus-nats-exporter/issues/117
On Wed, Jun 10, 2020 at 4:57 PM Mark Leone <[email protected]> wrote: > Thanks, Harald. My deployment environment is fairly restricted. I have no > access to a go build environment, and my nats server is reachable through a > reverse proxy which only accepts https requests. I can access the nats http > endpoint that is behind the proxy, but its URL changes when the nomad job > is re-started, so the proxy is the fixed URL that I need to point to. So I > was hoping to have a way to point the server to an https endpoint while > disabling cert validation, as many servers do, but it seems that capability > was not provided. > > -Mark > > On Wed, Jun 10, 2020 at 4:33 PM Harald Koch <[email protected]> wrote: > >> On Wed, Jun 10, 2020, at 15:29, Mark Leone wrote: >> >> Well, looking at the docker build, there is only a single executable in >> the image, so the CAs are apparently baked in. I tried, just in case, using >> the arg -tlscacert to point to my ca file, but that's advertised as being >> for client connections, and in fact it didn't make any difference. It seems >> this Exporter doesn't support disabling SSL verification or specifying a >> custom CA for connecting to a NATS server. Unfortunately, I can't use it in >> that case. If anyone knows a way around this, or a different nats exporter >> that doesn't have this limitation, please let me know. >> >> >> 1) The exporter source is on github. >> https://github.com/nats-io/prometheus-nats-exporter >> >> 2) The documentation there says it can talk to a NATS server over HTTP - >> which is effectively the same as using HTTPS but disabling certificate >> validation. >> >> -- >> Harald >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Prometheus Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/prometheus-users/ea36b168-846b-4388-b9dd-5b581a1ff251%40www.fastmail.com >> <https://groups.google.com/d/msgid/prometheus-users/ea36b168-846b-4388-b9dd-5b581a1ff251%40www.fastmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/CAFHj5BfPvit4SSVpPs%3DeR3Ag_8pMVTy%3DVU_41aBcap_R90vg0w%40mail.gmail.com.
