Skip to main content

Using external URLs and proxies with Prometheus

Sometimes users will not access Prometheus's UI directly, instead using another URL. How do you make this work?
The Prometheus web UI, such as the expression browser, depends on it being accessed on the same URL on which Prometheus itself is listening. This is as Prometheus needs to know where assets such as Javascript are and what URL to use in any links or redirects. If Prometheus is behind a reverse proxy, particularly one where Prometheus is not at the root, this doesn't work so well.
The good news is that Prometheus has features to cover this exact use case, and the Alertmanager also has the exact same features. This is primarily configured by the --web.external-url flag.
Let's say you have Prometheus running on it's usual port, and Nginx installed with the following configuration:
http {
 server {
   listen 0.0.0.0:19090;
   location /prometheus/ {
     proxy_pass http://localhost:9090/prometheus/;
   }
 }
}
events {
}
This configuration would serve Prometheus up on http://localhost:19090/prometheus/, and Nginx will include the /prometheus/ prefix when passing on requests to Prometheus. To make this work you'd need to run Prometheus like:
prometheus --web.external-url http://localhost:19090/prometheus/
You should be aware that with this external URL, the /prometheus/ path prefix will be required for all HTTP access to Prometheus. The /metrics will be on http://localhost:9090/prometheus/metrics for example.

In reality you wouldn't just be serving up Prometheus up on a different port on the local machine as in this demonstration. It'll likely be via a more human-readable DNS name, and possibly with HTTPS and other features in use. The principles all remain the same though!
Labels:

Comments

Post a Comment

https://gengwg.blogspot.com/

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into ...
Post a Comment
Read more

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checkin...
2 comments
Read more