On 11.06.21 04:11, techy wrote: > - Under tls_config, there are options to specify ca_file and cert_file & > key_file in prometheus.yml. Can anyone clarify what has to be mentioned > here? > - Also, somewhere mentioned about --web.config.file. > https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md > What is this for? > - Am I right thinking that, there is no code changes to enable TLS for > pushgateway except changing the pushgateway url to use https?
The server-side TLS support is always done using the same building blocks, and how to configure those is described in that file you linked, i.e. https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md Note that "server" is meant in the network sense here. Ironically, the Prometheus server doesn't act as such a server during metrics collection. The Prometheus server is a TCP/HTTP(S) _client_ scraping /metrics endpoint which are served by an TCP/HTTP(S) _server_. With the Pushgateway in the game, things are getting even spicier, because pushing to the Pushgateway happens by a _client_ pushing to a _server_ (the Pushgateway), and then the Pushgateway is scraped by the Prometheus "server", so from the network perspective, the Pushgateway acts as a server _twice_. The Push: [Pushing binary] --CLIENT-----HTTP(S)-----SERVER--> [Pushgateway] The Scrape: [Pushgateway] <--SERVER------HTTP(S)------CLIENT-- [Prometheus] With TLS, the client-side config is usually the simple part. You mostly just change the URL from http:// to https:// (YMMV). The server side is where dragons are. In your case, you need to configure the Pushgateway for that, see https://github.com/prometheus/pushgateway#tls-and-basic-authentication , which (unsurprisingly) points back to https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md . Once you have configured the Pushgateway appropriately, buth pushing and scraping should "just work". -- Björn Rabenstein [PGP-ID] 0x851C3DA17D748D03 [email] [email protected] -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/20210618225335.GW3670%40jahnn.
