Hi,
Based on this article it’s possible to set /metrics to enable prometheus fetch, but it’s not possible to secure it with an auth.
Is there a way to do it ? With stats auth ... the stats page is protected but not /metrics one
Here’s my config for the stats
frontend stats
mode http
bind *:9000 ssl crt /usr/local/etc/certs/
stats enable
stats auth prometheus:1234
stats uri /stats
stats refresh 10s
stats admin if LOCALHOST
http-request use-service prometheus-exporter if { path /metrics }
Version: HAProxy version 2.8.3-86e043a, released 2023/09/07
Markus
2
looks like my config for stats page. only thing missing is stats realm
stats realm Haproxy\ Statistics
not sure if this is needed?
It’s needed because I don’t want anybody to access stats page and I would like the same for metrics endpoint
Hey, I figured out how to add authentication to /metrics and ACL to /.
frontend stats
bind *:8404
stats enable
stats uri /
stats refresh 10s
http-request auth unless { http_auth(mycredentials) }
# Add authentication for /metrics
acl metrics_path path /metrics
http-request auth realm Metrics if metrics_path { http_auth(mycredentials) }
http-request use-service prometheus-exporter if { path /metrics }
userlist mycredentials
user actor insecure-password actorpassword
1 Like