原文:Adding Basic Auth to Prometheus with Nginx | Robust Perception nginx
Adding Basic Auth to Prometheus with Nginx
爲普羅米修斯添加Nginx基本認證(Basic Auth)
Brian Brazil August 11, 2015apache
Prometheus doesn’t provide authentication support in order to focus energy on making an awesome monitoring tool. Instead users can take advantage of a more purpose designed tool such as Nginx to do so. This post will look at how you can do that.bash
爲了集中精力完善普羅米修斯這一監控工具,普羅米修斯並不提供認證功能。相反,用戶能夠利用針對性的工具,好比Nginx。這篇文章說明如何作到這一點.app
To start you should install Nginx.ide
首先你須要安裝Nginx工具
Next let’s get a basic Ngingx setup working. Here’s an Nginx configuration that simply acts as a reverse proxy from Prometheus on port 9090 to port 19090:post
接下來讓咱們開始一個Nginx基本的配置工做。下面是普羅米修斯從9090端口到端口19090的反向代理的Nginx配置工做。this
http {
server {
listen 0.0.0.0:19090;
location / {
proxy_pass http://localhost:9090/;
}
}
}
events {
}
If you start Nginx and visit http://localhost:19090 you’ll see the Prometheus status page.url
啓動Nginx並訪問http://localhost:19090,就能夠看到Prometheus的狀態頁面。.net
Now that Nginx is working we can add basic authentication. In order to authenticate users we need a list of usernames and passwords. We’ll use the htpasswd utility for this. This is in the apache2-utils packages on Debian based systems such as Ubuntu. We’ll add a user called 「myuser」:
如今爲Nginx添加基本認證工做。爲了對用戶進行身份驗證,咱們須要一個用戶名和密碼列表。咱們使用htpasswd工具來實現。在基於Debian的系統上,好比Ubuntu,這個工具是的apache-utils工具包中。咱們添加一個叫「myuser」的用戶:
$ htpasswd -c .htpasswd myuser New password: Re-type new password: Adding password for user myuser
Then configure basic auth in the Nginx configuration file:
接着再Nginx配置文件中配置基本認證
http {
server {
listen 0.0.0.0:19090;
location / {
proxy_pass http://localhost:9090/;
auth_basic "Prometheus";
auth_basic_user_file ".htpasswd";
}
}
}
events {
}
If you restart Nginx and once again visit http://localhost:19090 you’ll now be asked for your username and password.
重啓Nginx,再次訪問http://localhost:19090就須要輸入用戶名和密碼。
Don’t forget to lock down file permissions on the .htpasswd file, and keep it outside of any paths that are served over HTTP. The same approach can be used with other components of Prometheus, such as the Alertmanager and Node Exporter.
別忘了鎖定.htpasswd的文件權限,避免聽任何在HTTP的訪問路徑以外。一樣的方法也能夠用於普羅米修斯的其餘組件,Alertmanager和Node Exporter