[prometheus-users] Re: Node_exporter 1.7.0 - http_server_config - Strict-Transport-Security

Wed, 17 Jan 2024 00:19:14 -0800 

The YAML parsing error is simply saying that under "http_server_config", 
you cannot put "Strict-Transport-Security".

The documentation says that the only keys allowed under 
"http_server_config" are "http2" and "headers". So it needs to be like this:

http_server_config:
  headers:
    Strict-Transport-Security: <string>

On Wednesday 17 January 2024 at 15:43:06 UTC+8 Alexander Wilke wrote:

> Hello,
>
> I am running:
>
> node_exporter, version 1.7.0 (branch: HEAD, revision: 
> 7333465abf9efba81876303bb57e6fadb946041b)
>   build date:       20231112-23:53:35
>   go version:       go1.21.4
>   platform:         linux/amd64
>   tags:             netgo osusergo static_build
>
>
>
> Vulnerability scan complained that HSTS is not enabled so I wanted to 
> enable it:
>
> tls_server_config:
>   cert_file: "/opt/node_exporter/node_exporter.pem"
>   key_file: "/opt/node_exporter/node_exporter.key"
>
>   min_version: "TLS12"
>   max_version: "TLS13"
>
>   client_auth_type: "NoClientCert"
>
> basic_auth_users:
>         userxxxx: 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
>
> http_server_config:
>   Strict-Transport-Security: max-age=31536000  # 1 year
>
>
> Unfortunately I get this error:
>
> node_exporter: ts=2024-01-17T07:30:04.483Z caller=node_exporter.go:223 
> level=error err="yaml: unmarshal errors:\n  line 14: field 
> Strict-Transport-Security not found in type web.HTTPConfig"
> systemd: node_exporter.service: main process exited, code=exited, 
> status=1/FAILURE
>
>
> I tried to configure it based on this documentation:
> https://prometheus.io/docs/prometheus/latest/configuration/https/
>
> probably I need the other parameters, too like:
> Strict-Transport-Security: max-age=<expire-time>; includeSubDomains; 
> preload 
> How to get this working?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-users/dd0e574e-e515-421c-881a-1af7e297e468n%40googlegroups.com.

Reply via email to