mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2024-12-16 00:41:24 +01:00
22aeeeef3e
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4084
This is a follow-up for 041e188df8
114 lines
5.3 KiB
YAML
114 lines
5.3 KiB
YAML
# Arbitrary number of usernames may be put here.
|
|
# It is possible to set multiple identical usernames with different passwords.
|
|
# Such usernames can be differentiated by `name` option.
|
|
|
|
users:
|
|
# Requests with the 'Authorization: Bearer XXXX' and 'Authorization: Token XXXX'
|
|
# header are proxied to http://localhost:8428 .
|
|
# For example, http://vmauth:8427/api/v1/query is proxied to http://localhost:8428/api/v1/query
|
|
# Requests with the Basic Auth username=XXXX are proxied to http://localhost:8428 as well.
|
|
- bearer_token: "XXXX"
|
|
url_prefix: "http://localhost:8428"
|
|
|
|
# Requests with the 'Authorization: Bearer YYY' header are proxied to http://localhost:8428 ,
|
|
# The `X-Scope-OrgID: foobar` http header is added to every proxied request.
|
|
# For example, http://vmauth:8427/api/v1/query is proxied to http://localhost:8428/api/v1/query
|
|
- bearer_token: "YYY"
|
|
url_prefix: "http://localhost:8428"
|
|
headers:
|
|
- "X-Scope-OrgID: foobar"
|
|
|
|
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
|
|
# are proxied to http://localhost:8428 .
|
|
# For example, http://vmauth:8427/api/v1/query is proxied to http://localhost:8428/api/v1/query
|
|
#
|
|
# The given user can send maximum 10 concurrent requests according to the provided max_concurrent_requests.
|
|
# Excess concurrent requests are rejected with 429 HTTP status code.
|
|
# See also -maxConcurrentPerUserRequests and -maxConcurrentRequests command-line flags.
|
|
- username: "local-single-node"
|
|
password: "***"
|
|
url_prefix: "http://localhost:8428"
|
|
max_concurrent_requests: 10
|
|
|
|
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
|
|
# are proxied to http://localhost:8428 with extra_label=team=dev query arg.
|
|
# For example, http://vmauth:8427/api/v1/query is routed to http://localhost:8428/api/v1/query?extra_label=team=dev
|
|
- username: "local-single-node2"
|
|
password: "***"
|
|
url_prefix: "http://localhost:8428?extra_label=team=dev"
|
|
|
|
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
|
|
# are load-balanced among http://vmselect1:8481/select/123/prometheus and http://vmselect2:8481/select/123/prometheus
|
|
# For example, http://vmauth:8427/api/v1/query is proxied to the following urls in a round-robin manner:
|
|
# - http://vmselect1:8481/select/123/prometheus/api/v1/select
|
|
# - http://vmselect2:8481/select/123/prometheus/api/v1/select
|
|
- username: "cluster-select-account-123"
|
|
password: "***"
|
|
url_prefix:
|
|
- "http://vmselect1:8481/select/123/prometheus"
|
|
- "http://vmselect2:8481/select/123/prometheus"
|
|
|
|
# All the requests to http://vmauth:8427 with the given Basic Auth (username:password)
|
|
# are load-balanced between http://vminsert1:8480/insert/42/prometheus and http://vminsert2:8480/insert/42/prometheus
|
|
# For example, http://vmauth:8427/api/v1/write is proxied to the following urls in a round-robin manner:
|
|
# - http://vminsert1:8480/insert/42/prometheus/api/v1/write
|
|
# - http://vminsert2:8480/insert/42/prometheus/api/v1/write
|
|
- username: "cluster-insert-account-42"
|
|
password: "***"
|
|
url_prefix:
|
|
- "http://vminsert1:8480/insert/42/prometheus"
|
|
- "http://vminsert2:8480/insert/42/prometheus"
|
|
|
|
# A single user for querying and inserting data:
|
|
#
|
|
# - Requests to http://vmauth:8427/api/v1/query, http://vmauth:8427/api/v1/query_range
|
|
# and http://vmauth:8427/api/v1/label/<label_name>/values are proxied to the following urls in a round-robin manner:
|
|
# - http://vmselect1:8481/select/42/prometheus
|
|
# - http://vmselect2:8481/select/42/prometheus
|
|
# For example, http://vmauth:8427/api/v1/query is proxied to http://vmselect1:8480/select/42/prometheus/api/v1/query
|
|
# or to http://vmselect2:8480/select/42/prometheus/api/v1/query .
|
|
#
|
|
# - Requests to http://vmauth:8427/api/v1/write are proxied to http://vminsert:8480/insert/42/prometheus/api/v1/write .
|
|
# The "X-Scope-OrgID: abc" http header is added to these requests.
|
|
#
|
|
# Request which do not match `src_paths` from the `url_map` are proxied to the urls from `default_url`
|
|
# in a round-robin manner. The original request path is passed in `request_path` query arg.
|
|
# For example, request to http://vmauth:8427/non/existing/path are proxied:
|
|
# - to http://default1:8888/unsupported_url_handler?request_path=/non/existing/path
|
|
# - or http://default2:8888/unsupported_url_handler?request_path=/non/existing/path
|
|
- username: "foobar"
|
|
url_map:
|
|
- src_paths:
|
|
- "/api/v1/query"
|
|
- "/api/v1/query_range"
|
|
- "/api/v1/label/[^/]+/values"
|
|
url_prefix:
|
|
- "http://vmselect1:8481/select/42/prometheus"
|
|
- "http://vmselect2:8481/select/42/prometheus"
|
|
- src_paths: ["/api/v1/write"]
|
|
url_prefix: "http://vminsert:8480/insert/42/prometheus"
|
|
headers:
|
|
- "X-Scope-OrgID: abc"
|
|
ip_filters:
|
|
deny_list: [127.0.0.1]
|
|
default_url:
|
|
- "http://default1:8888/unsupported_url_handler"
|
|
- "http://default2:8888/unsupported_url_handler"
|
|
|
|
# Requests without Authorization header are routed according to `unauthorized_user` section.
|
|
unauthorized_user:
|
|
url_map:
|
|
- src_paths:
|
|
- /api/v1/query
|
|
- /api/v1/query_range
|
|
url_prefix:
|
|
- http://vmselect1:8481/select/0/prometheus
|
|
- http://vmselect2:8481/select/0/prometheus
|
|
ip_filters:
|
|
allow_list: [8.8.8.8]
|
|
|
|
ip_filters:
|
|
allow_list: ["1.2.3.0/24", "127.0.0.1"]
|
|
deny_list:
|
|
- 10.1.0.1
|