New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Metrics endpoint to support TLS #442
Comments
For now I'd suggest keeping it working in a local version, and then follow how we do it in Go once that's settled down. |
Hi, was hoping to expose an HTTPS endpoint. Is there any chance of getting @senthilkumarkj 's changes merged? |
This is not something to be figured out in this repo, it's for client_java which this would then pull in. The version of Java we support combined with the features such a thing should offer to provide similar functionality to the Go version makes this challenging, but I'm open to ideas as to how to go about it. |
@brian-brazil Clear, thanks for the quick response. I didn't find a related issue in the client_java repo. Shall I open an issue there? I'm not sure what the challenges are regarding Java versions. My understanding was that senthilkumarkj already has it working, and that it was a matter of deciding how the configuration should be laid out. |
Different versions of Java support different TLS protocol versions, and later ones also add new methods which we'd want to be using. Basically all the TLS bits of https://github.com/prometheus/exporter-toolkit/tree/master/https#sample-config need to be supported as far as is possible using the same config file, including the automatic cert reloading. |
Hi all, I'd like to add to this discussion the request to consider adding also authentication to TLS support. |
That would be part of the above. |
any further updates on this, please. we do have the same requirement to enable the MSSL on JMX metric port |
+1 waiting for ssl implementation |
I just created a next-release branch PR ( prometheus/client_java#683 ) to add HTTP authentication into HTTPServer. If it's accepted/merged it would easily allow basic HTTP authentication into jmx-exporter. |
Just to be clear: The PR mentioned above adds basic HTTP authentication. It does not add SSL support. |
Correct |
Given the upcoming merge of prometheus/client_java#695, I wanted to start the conversation around the configuration parameters for TLS/SSL support.
We could reuse the approach and add a new yaml configuration value This would allow for a single keystore/truststore to manage. An alternate approach would be to use specifically defined yaml configuration values for TLS/SSL support. (i.e. not use the Java system properties.) This would allow independent management of the keystore/truststore used by the Thoughts on the configuration approach/parameters? |
See also #664. |
@dhoard Hi, is there any progress in supporting TLS for JMX exporter? I want to use keyStore/trustStore to implement exposing metrics to Prometheus in TLS. |
@suyuyi Currently, using a reverse proxy with TLS/SSL is required. I have worked on some of the initial work for the feature, but I’m currently focused on other things, so haven’t revisited it. |
We are currently use Prometheus to expose metrics, is there any plan to support TLS for JMX exporter? thanks |
|
See #688 |
Resolved in release 0.19.0. |
Hello! We've some requirements to expose metrics in an TLS endpoint. Simple HttpServer added this constructor in 0.7.0 to allow https server to be passed.
If we add conf to specify keystore and other related configs, we can create an HttpsServer in JavaAgent.
I've made it work here - senthilkumarkj#1
However, I'm not sure what's the best way to add the new configs for the server. Currently server related conf (host and port) are part of options itself.
I've a couple of proposals.
---
and config names prefixed with "server" likeBut the problem is config file is parsed in collector only. We may need to parse the same file twice one in agent and one in collector.
Please let me know your thoughts on this. Thanks!
The text was updated successfully, but these errors were encountered: