node_exporter/https
Goutham Veeramachaneni bd0918f29a Expose the function to generate tls.Config
We're looking to reuse this in Cortex to client side encrypt our
connections and not having this exposed is making us copy this entire
function.

Signed-off-by: Goutham Veeramachaneni <gouthamve@gmail.com>
2020-04-17 12:02:31 +02:00
..
testdata Adding TLS to node exporter - cleaner version (#1277) 2019-11-16 00:12:57 +01:00
README.md Fix typo in README.md 2020-04-08 10:18:22 +02:00
tls_config.go Expose the function to generate tls.Config 2020-04-17 12:02:31 +02:00
tls_config_test.go Enable golint (#1623) 2020-02-27 11:59:02 +01:00
web-config.yml Adding TLS to node exporter - cleaner version (#1277) 2019-11-16 00:12:57 +01:00

HTTPS Package for Prometheus

The https directory contains a Go package and a sample configuration file for running node_exporter with HTTPS instead of HTTP. When running a server with TLS use the flag --web.config

e.g. ./node_exporter --web.config="web-config.yml" If the config is kept within the https directory.

The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.

Sample Config

tlsConfig :
  # Certificate and key files for server to use to authenticate to client
  tlsCertPath : <filename>
  tlsKeyPath : <filename>

  # Server policy for client authentication. Maps to ClientAuth Policies
  # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
  [ clientAuth : <string> | default = "NoClientCert" ]

  # CA certificate for client certificate authentication to the server
  [ clientCAs : <filename> ]