app/vmauth: improve docs a bit after 323f3720ed

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5240
This commit is contained in:
Aliaksandr Valialkin 2023-11-11 12:46:57 +01:00
parent bf12a49087
commit 76384b6d28
No known key found for this signature in database
GPG Key ID: A72BEC6CD3D0DED1
4 changed files with 16 additions and 9 deletions

View File

@ -182,12 +182,12 @@ users:
url_prefix: "http://localhost:8428?extra_label=team=dev" url_prefix: "http://localhost:8428?extra_label=team=dev"
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password) # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
# are proxied to http://localhost:8428 with extra_label=team=dev query arg. # are proxied to https://localhost:8428.
# For example, http://vmauth:8427/api/v1/query is routed to https://localhost/api/v1/query?extra_label=team=dev # For example, http://vmauth:8427/api/v1/query is routed to https://localhost/api/v1/query
# TLS verification is skipped for https://localhost. # TLS verification is skipped for https://localhost.
- username: "local-single-node-with-tls" - username: "local-single-node-with-tls"
password: "***" password: "***"
url_prefix: "https://localhost?extra_label=team=test" url_prefix: "https://localhost"
tls_insecure_skip_verify: true tls_insecure_skip_verify: true
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password) # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
@ -266,7 +266,6 @@ unauthorized_user:
- http://vmselect-az1/?deny_partial_response=1 - http://vmselect-az1/?deny_partial_response=1
- http://vmselect-az2/?deny_partial_response=1 - http://vmselect-az2/?deny_partial_response=1
retry_status_codes: [503, 500] retry_status_codes: [503, 500]
tls_insecure_skip_verify: true
ip_filters: ip_filters:
allow_list: ["1.2.3.0/24", "127.0.0.1"] allow_list: ["1.2.3.0/24", "127.0.0.1"]

View File

@ -42,6 +42,15 @@ users:
password: "***" password: "***"
url_prefix: "http://localhost:8428?extra_label=team=dev" url_prefix: "http://localhost:8428?extra_label=team=dev"
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
# are proxied to https://localhost:8428
# For example, http://vmauth:8427/api/v1/query is routed to https://localhost/api/v1/query
# TLS verification is ignored for https://localhost.
- username: "local-single-node-with-tls"
password: "***"
url_prefix: "https://localhost"
tls_insecure_skip_verify: true
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password) # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
# are load-balanced among http://vmselect1:8481/select/123/prometheus and http://vmselect2:8481/select/123/prometheus # are load-balanced among http://vmselect1:8481/select/123/prometheus and http://vmselect2:8481/select/123/prometheus
# For example, http://vmauth:8427/api/v1/query is proxied to the following urls in a round-robin manner: # For example, http://vmauth:8427/api/v1/query is proxied to the following urls in a round-robin manner:

View File

@ -79,7 +79,7 @@ The sandbox cluster installation is running under the constant load generated by
* FEATURE: [vmalert-tool](https://docs.victoriametrics.com/#vmalert-tool): add `unittest` command to run unittest for alerting and recording rules. See [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4789) for details. * FEATURE: [vmalert-tool](https://docs.victoriametrics.com/#vmalert-tool): add `unittest` command to run unittest for alerting and recording rules. See [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4789) for details.
* FEATURE: dashboards/vmalert: add new panel `Missed evaluations` for indicating alerting groups that miss their evaluations. * FEATURE: dashboards/vmalert: add new panel `Missed evaluations` for indicating alerting groups that miss their evaluations.
* FEATURE: all: track requests with wrong auth key and wrong basic auth at `vm_http_request_errors_total` [metric](https://docs.victoriametrics.com/#monitoring) with `reason="wrong_auth_key"` and `reason="wrong_basic_auth"`. See [this issue](https://github.com/victoriaMetrics/victoriaMetrics/issues/4590). Thanks to @venkatbvc for the [pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5166). * FEATURE: all: track requests with wrong auth key and wrong basic auth at `vm_http_request_errors_total` [metric](https://docs.victoriametrics.com/#monitoring) with `reason="wrong_auth_key"` and `reason="wrong_basic_auth"`. See [this issue](https://github.com/victoriaMetrics/victoriaMetrics/issues/4590). Thanks to @venkatbvc for the [pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5166).
* FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add `tls_insecure_skip_verify` parameter which allows to disable TLS verification for backend connection. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5240). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add `tls_insecure_skip_verify` parameter which can be set on a per-user level to disable TLS verification for backend connections. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5240).
* FEATURE: `vmstorage`: add `-blockcache.missesBeforeCaching` command-line flag, which can be used for fine-tuning RAM usage for `indexdb/dataBlocks` cache when queries touching big number of time series are executed. * FEATURE: `vmstorage`: add `-blockcache.missesBeforeCaching` command-line flag, which can be used for fine-tuning RAM usage for `indexdb/dataBlocks` cache when queries touching big number of time series are executed.
* FEATURE: add `-loggerMaxArgLen` command-line flag for fine-tuning the maximum lengths of logged args. * FEATURE: add `-loggerMaxArgLen` command-line flag for fine-tuning the maximum lengths of logged args.

View File

@ -193,12 +193,12 @@ users:
url_prefix: "http://localhost:8428?extra_label=team=dev" url_prefix: "http://localhost:8428?extra_label=team=dev"
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password) # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
# are proxied to http://localhost:8428 with extra_label=team=dev query arg. # are proxied to https://localhost:8428.
# For example, http://vmauth:8427/api/v1/query is routed to https://localhost/api/v1/query?extra_label=team=dev # For example, http://vmauth:8427/api/v1/query is routed to https://localhost/api/v1/query
# TLS verification is skipped for https://localhost. # TLS verification is skipped for https://localhost.
- username: "local-single-node-with-tls" - username: "local-single-node-with-tls"
password: "***" password: "***"
url_prefix: "https://localhost?extra_label=team=test" url_prefix: "https://localhost"
tls_insecure_skip_verify: true tls_insecure_skip_verify: true
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password) # All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
@ -277,7 +277,6 @@ unauthorized_user:
- http://vmselect-az1/?deny_partial_response=1 - http://vmselect-az1/?deny_partial_response=1
- http://vmselect-az2/?deny_partial_response=1 - http://vmselect-az2/?deny_partial_response=1
retry_status_codes: [503, 500] retry_status_codes: [503, 500]
tls_insecure_skip_verify: true
ip_filters: ip_filters:
allow_list: ["1.2.3.0/24", "127.0.0.1"] allow_list: ["1.2.3.0/24", "127.0.0.1"]