2019-11-16 00:12:57 +01:00
|
|
|
# HTTPS Package for Prometheus
|
|
|
|
|
|
2020-04-27 19:19:09 +02:00
|
|
|
The `https` directory contains a Go package and a sample configuration file for
|
|
|
|
|
running `node_exporter` with HTTPS instead of HTTP. We currently support TLS 1.3
|
|
|
|
|
and TLS 1.2.
|
|
|
|
|
|
|
|
|
|
To run a server with TLS, use the flag `--web.config`.
|
2019-11-16 00:12:57 +01:00
|
|
|
|
|
|
|
|
e.g. `./node_exporter --web.config="web-config.yml"`
|
|
|
|
|
If the config is kept within the https directory.
|
|
|
|
|
|
|
|
|
|
The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.
|
|
|
|
|
|
2020-02-20 23:41:14 +01:00
|
|
|
## Sample Config
|
2020-04-25 13:42:45 +02:00
|
|
|
|
2019-11-16 00:12:57 +01:00
|
|
|
```
|
2020-04-25 13:42:45 +02:00
|
|
|
tls_config:
|
2019-11-16 00:12:57 +01:00
|
|
|
# Certificate and key files for server to use to authenticate to client
|
2020-04-25 13:42:45 +02:00
|
|
|
cert_file: <filename>
|
|
|
|
|
key_file: <filename>
|
2019-11-16 00:12:57 +01:00
|
|
|
|
|
|
|
|
# Server policy for client authentication. Maps to ClientAuth Policies
|
|
|
|
|
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
|
2020-04-25 13:42:45 +02:00
|
|
|
[ client_auth_type: <string> | default = "NoClientCert" ]
|
2019-11-16 00:12:57 +01:00
|
|
|
|
|
|
|
|
# CA certificate for client certificate authentication to the server
|
2020-04-25 13:42:45 +02:00
|
|
|
[ client_ca_file: <filename> ]
|
2019-11-16 00:12:57 +01:00
|
|
|
```
|
