Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict access to /metrics from the public network #43

Closed
ochaplashkin opened this issue Apr 3, 2024 · 2 comments · Fixed by #44
Closed

Restrict access to /metrics from the public network #43

ochaplashkin opened this issue Apr 3, 2024 · 2 comments · Fixed by #44
Assignees
@ochaplashkin

Comments

@ochaplashkin
Copy link

ochaplashkin commented Apr 3, 2024
edited
Loading

TNT-992
@ochaplashkin ochaplashkin self-assigned this Apr 3, 2024
ochaplashkin pushed a commit to ochaplashkin/docbot that referenced this issue Apr 3, 2024
Restrict access to metrics from the public network
c0e6984 
Due to security reasons, access to the `/metrics` endpoint is restricted
by basic HTTP Bearer Token authentication. If you make a request without
the correct token, the server will respond with "Unauthorized Access".

Close tarantool#43
@ochaplashkin ochaplashkin mentioned this issue Apr 3, 2024
Merged
@ochaplashkin
Copy link
Author

ochaplashkin commented Apr 4, 2024
edited
Loading

  • Set generated prometheus token to the Dokku environment variables
  • Deploy docbot service
  • Change the prometheus config in the scrape_config section and add bearer_token
- job_name: 'test'
    metrics_path: '/metrics'
    scheme: "http"
    bearer_token: <token_here>
    ...
  • Check Grafana docbot dashboard
  • Check that there's no way to access the metrics without Bearer token

ochaplashkin pushed a commit that referenced this issue Apr 4, 2024
@ochaplashkin
Restrict access to metrics from the public network
9db0cd3 
Due to security reasons, access to the `/metrics` endpoint is restricted
by basic HTTP Bearer Token authentication. If you make a request without
the correct token, the server will respond with "Unauthorized Access".

Close #43
@ochaplashkin
Copy link
Author

ochaplashkin commented Apr 4, 2024
edited
Loading

Grafana dashboard now:
изображение

Access from public network:

$ curl -L 'docbot.tarantool.io/metrics'
Unauthorized Access

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ochaplashkin ochaplashkin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Restrict access to metrics from the public network ochaplashkin/docbot
1 participant
@ochaplashkin