node_exporter/https
Julien Pivotto 70a77aefc0 Add tls versions
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2020-04-28 00:33:08 +02:00
..
testdata Make TLS config consistent with Prometheus (#1685) 2020-04-25 13:42:45 +02:00
README.md Add tls versions 2020-04-28 00:33:08 +02:00
tls_config.go TLS: only support TLS 1.2 2020-04-28 00:33:08 +02:00
tls_config_test.go Enable golint (#1623) 2020-02-27 11:59:02 +01:00
web-config.yml Make TLS config consistent with Prometheus (#1685) 2020-04-25 13:42:45 +02:00

HTTPS Package for Prometheus

The https directory contains a Go package and a sample configuration file for running node_exporter with HTTPS instead of HTTP. We currently support TLS 1.3 and TLS 1.2.

To run a server with TLS, use the flag --web.config.

e.g. ./node_exporter --web.config="web-config.yml" If the config is kept within the https directory.

The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.

Sample Config

tls_config:
  # Certificate and key files for server to use to authenticate to client
  cert_file: <filename>
  key_file: <filename>

  # Server policy for client authentication. Maps to ClientAuth Policies
  # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
  [ client_auth_type: <string> | default = "NoClientCert" ]

  # CA certificate for client certificate authentication to the server
  [ client_ca_file: <filename> ]