Prometheus configuration authentication

Prometheus version 2.41.0


By default, Prometheus is installed without authentication or TLS; both need to be configured separately.

The web configuration file is in YAML format and is kept separate from the main Prometheus configuration. The official documentation names it web-config.yml, and it is loaded with the --web.config.file command-line flag.

web-config.yml

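tls_server_config:
  # Configure TLS
  cert_file: <filename>
  key_file: <filename>

  # Client authentication type. Supported values: NoClientCert, RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, RequireAndVerifyClientCert. Default: NoClientCert
  # NoClientCert: client certificates are not verified
  # RequestClientCert: a client certificate is requested during the handshake, but the client is not required to send one
  # RequireAnyClientCert: a client certificate is requested during the handshake and the client must send at least one, but it does not have to be valid
  # VerifyClientCertIfGiven: a client certificate is requested during the handshake; the client is not required to send one, but if it does, the certificate must be valid
  # RequireAndVerifyClientCert: a client certificate is requested during the handshake and the client must send at least one valid certificate
  [ client_auth_type: <string> | default = "NoClientCert" ]

  # CA certificate used to verify client certificates
  [ client_ca_file: <filename> ]

  # Minimum TLS version, default TLS12
  [ min_version: <string> | default = "TLS12" ]

  # Maximum TLS version, default TLS13
  [ max_version: <string> | default = "TLS13" ]

  # List of supported cipher suites for TLS 1.2 and below. If empty, Go's default cipher suites are used, https://golang.org/pkg/crypto/tls/#pkg-constants
  # Only ciphers returned by the following function are supported, https://pkg.go.dev/crypto/tls#CipherSuites
  [ cipher_suites:
    [ - <string> ] ]

  # Controls whether the server selects the client's preferred cipher suite or the server's. If true, the preferred suite is chosen from cipher_suites
  [ prefer_server_cipher_suites: <bool> | default = true ]

  # Elliptic curves used in the ECDHE handshake, in order of preference
  # Available options: https://golang.org/pkg/crypto/tls/#CurveID
  [ curve_preferences:
    [ - <string> ] ]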

http_server_config:
  # Enable HTTP/2. HTTP/2 is only supported with TLS.
  # A change to this setting does not take effect immediately
  [ http2: <boolean> | default = true ]
  # List of headers that can be added to HTTP responses.
  [ headers:
    # Set Content-Security-Policy; not set if empty
    [ Content-Security-Policy: <string> ]
    # Set X-Frame-Options; not set if empty
    # Accepted values are deny and sameorigin
    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
    [ X-Frame-Options: <string> ]
    # Set X-Content-Type-Options; not set if empty
    # The accepted value is nosniff
    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
    [ X-Content-Type-Options: <string> ]
    # Set X-XSS-Protection; not set if empty
    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
    [ X-XSS-Protection: <string> ]
    # Use this header with caution, because it can force browsers to use HTTPS when loading Prometheus and other applications on the same domain and subdomains
    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
    [ Strict-Transport-Security: <string> ] ]

# Authentication for the web pages. Passwords are hashed with bcrypt; the format is username: password
basic_auth_users:
  [ <string>: <secret> ... ]

The configuration above comes from the official documentation. To enable web authentication for Prometheus, the simplest configuration only needs a basic_auth_users section, for example:

basic_auth_users:
  alice: $2y$10$mDwo.lAisC94iLAyP81MCesa29IzH37oigHC/42V2pdJlUprsJPze
  bob: $2y$10$hLqFl9jSjoAAy95Z/zw8Ye8wkdMBM8c5Bn1ptYqP/AXyV0.oy0S8m

Passwords are hashed with bcrypt; the hash can be generated with the htpasswd tool:

https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md#about-bcrypt

or

https://bcrypt-generator.com/

For higher security, also configure TLS. The following options are mandatory; certificate generation is covered on other websites.

tls_server_config:
  cert_file: server.crt
  key_file: server.key

After the configuration is complete, load it into Prometheus with the --web.config.file flag.
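
Before loading the file, a small check can catch the two mistakes this setup invites: a basic_auth_users value that is not a bcrypt hash, and Basic auth enabled without TLS, which sends the password base64-encoded rather than encrypted. This is an added example, not code from the original post or from the Prometheus project; the function names, the `min_cost` threshold and the minimal parser (it only handles the two-level `key: value` layout used on this page, not full YAML) are assumptions.

```python
import re

# bcrypt hash: $2a$/$2b$/$2y$ prefix, two-digit cost, 53 chars of salt + digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def parse_sections(text):
    """Assumed minimal parser: top-level 'section:' lines with indented 'key: value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith((" ", "\t")):          # unindented: new section
            current = sections.setdefault(key, {})
        elif current is not None:
            current[key.strip()] = value.strip().strip("'\"")
    return sections

def lint_web_config(text, min_cost=10):
    """Return a list of findings for a web-config.yml passed as text."""
    cfg = parse_sections(text)
    users = cfg.get("basic_auth_users", {})
    tls = cfg.get("tls_server_config", {})
    findings = []
    for user, secret in users.items():
        m = BCRYPT_RE.match(secret)
        if not m:
            findings.append(f"{user}: value is not a bcrypt hash")
        elif int(m.group(1)) < min_cost:             # min_cost is an assumed threshold
            findings.append(f"{user}: bcrypt cost {m.group(1)} is below {min_cost}")
    if bool(tls.get("cert_file")) != bool(tls.get("key_file")):
        findings.append("tls_server_config: cert_file and key_file must both be set")
    if users and not (tls.get("cert_file") and tls.get("key_file")):
        findings.append("basic_auth_users without TLS: passwords are sent base64-encoded, not encrypted")
    return findings

# Constructed sample: alice's hash is the one shown on this page; bob's value is a
# constructed plaintext password, the mistake the first check is meant to catch.
SAMPLE = """\
basic_auth_users:
  alice: $2y$10$mDwo.lAisC94iLAyP81MCesa29IzH37oigHC/42V2pdJlUprsJPze
  bob: hunter2
"""

if __name__ == "__main__":
    for finding in lint_web_config(SAMPLE):
        print(finding)
```

The two configuration snippets from this page combined (both bcrypt hashes plus cert_file and key_file) produce no findings.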

To access the Prometheus page, you need to log in.

When configuring the Prometheus data source in Grafana, Basic auth must be turned on and the correct user name and password entered.



Origin blog.csdn.net/weixin_40972073/article/details/128741317