Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL/TLS Encryption Support #393

Open
chanyongkit opened this issue Nov 17, 2024 · 7 comments
Open

SSL/TLS Encryption Support #393

chanyongkit opened this issue Nov 17, 2024 · 7 comments
Labels
enhancement New feature or request

Comments

@chanyongkit
Copy link

chanyongkit commented Nov 17, 2024
edited
Loading

Feature Description

Implement SSL Encryption for the endpoints exposed to Prometheus. This feature would include the ability to configure CA certs and optionally enable SSL/TLS.

Implementation: chanyongkit@3f7679a

Version of logstash-exporter this feature request applies to

v1

Motivation and Goals

Due to certain regulatory reasons I'm unable to use reverse proxy and hence need an OOTB solution to encrypt traffic to Prometheus.

Alternatives Considered

  1. Reverse Proxy

Additional Context

No response
@chanyongkit chanyongkit added the enhancement New feature or request label Nov 17, 2024
@satk0
Copy link
Collaborator

satk0 commented Nov 21, 2024

Nice, can you make a PR for it? Your commit looks cool, thanks for contrib ;)

@michael-doubez
Copy link

It is part of prometheus exporter-toolkit github.com/prometheus/exporter-toolkit/web

Usual change is aabout using web.Listen instead of server.Listen.

import (
    ...
    "github.com/prometheus/exporter-toolkit/web")

...


webcfgFile    = cmdLine.String("web.config", "", "Path to config yaml file that can enable TLS or authentication.")
....
web.ListenAndServe(server, *webcfgFile, logger); err != nil { ...
```

@michael-doubez
Copy link

michael-doubez commented Dec 4, 2024
edited
Loading

Well, still waiting for prometheus/exporter-toolkit#151 to avoid blocking /ready.

@satk0
Copy link
Collaborator

satk0 commented Dec 10, 2024

Oh, so are you suggesting that we should use the exporter-toolkit approach? Seems cool, @kuskoman could you please check this out?

@kuskoman
Copy link
Owner

@satk0 you can research it. for v2 it should not be a problem, just try not to break hot reload (if you want to do that)
for v1 we should not do any breaking changes, so you must ensure, that without any additional configuration the app will behave exactly the same

@kuskoman
Copy link
Owner

@chanyongkit @michael-doubez I checked out this library and it is not a stable one and would break existing behaviour for v1. I don't see any possibility of implementing it for v1. It also relies on its own config file, while the convention for v1 was to use environment variables. I can consider using it for v2 in the future, but currently it seems to be lacking documentation, so I am waiting for it to be more mature to reconsider it.

@kuskoman kuskoman added wontfix This will not be worked on and removed wontfix This will not be worked on labels Dec 16, 2024
@kuskoman
Copy link
Owner

i actually misunderstood the context, @chanyongkit feel free to create a PR with this kind of configuration. as long as we don't break or change existing functionality this seems fine
the comment above is about prometheus toolkit

@kuskoman kuskoman mentioned this issue Dec 19, 2024
Open
satk0 added a commit to satk0/logstash-exporter that referenced this issue Dec 19, 2024
@satk0
Add HTTP tls (issue kuskoman#393)
2c40985
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@michael-doubez @kuskoman @chanyongkit @satk0