Basic auth for /metrics endpoint in stats

cgi-bin · October 20, 2023, 5:24pm

Hi,

Based on this article it’s possible to set /metrics to enable prometheus fetch, but it’s not possible to secure it with an auth.

Is there a way to do it ? With stats auth ... the stats page is protected but not /metrics one

Here’s my config for the stats

frontend stats
  mode http
  bind *:9000 ssl crt /usr/local/etc/certs/
  stats enable
  stats auth prometheus:1234
  stats uri /stats
  stats refresh 10s
  stats admin if LOCALHOST
  http-request use-service prometheus-exporter if { path /metrics }

Version: HAProxy version 2.8.3-86e043a, released 2023/09/07

Markus · October 23, 2023, 8:44am

looks like my config for stats page. only thing missing is stats realm

stats realm Haproxy\ Statistics

not sure if this is needed?

cgi-bin · October 23, 2023, 5:25pm

It’s needed because I don’t want anybody to access stats page and I would like the same for metrics endpoint