
I would like to secure my Alertmanager with TLS and authentication, so that in my network, not everyone is able to access the public-facing endpoint. I don’t want to use an nginx server as a proxy.
This will be my Prometheus configuration:

global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - scheme: https
    basic_auth:
      username: abc
      password: ####
    tls_config:
      ca_file: ca.crt
      cert_file: ca.crt
      key_file: ca.key
    static_configs:
    - targets: ['localhost:9093']

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  - "alertRules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'
    scheme: https
    basic_auth:
      username: abc
      password: ###
    tls_config:
      ca_file: ca.crt
    static_configs:
    - targets: ['localhost:9090']

2 Answers


  1. Since version 0.22, the Alertmanager supports basic authentication and HTTPS. Check the original documentation to see how to configure it, since your configuration does not seem to match the description there.

    The details on how to hash the passwords and test the whole setup can be adapted from the Prometheus documentation.

    UPDATE: I looked again at your question and I guess I got confused by the title. It seems like what you are trying to do is to configure Prometheus to work with an Alertmanager that requires basic authentication. The solution I provided at the beginning of this post is to configure the Alertmanager to require basic authentication.

    If you want to configure Prometheus to communicate with an Alertmanager that requires basic authentication, your configuration seems right, as explained in this section of the Prometheus documentation.

  2. I think your configuration is good, but maybe you need to work on the certificates' alternative names and access the endpoints using the proper names.

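The two sides that the answers above distinguish, written out as an added example (not taken from either post or from the project's documentation): the Alertmanager web configuration that enforces TLS and basic authentication, and the Prometheus `alerting` block that connects to it. The file names `web.yml`, `alertmanager.crt`, `alertmanager.key` and `alertmanager.pass` are assumptions, and the bcrypt hash is a placeholder.

```yaml
# --- Alertmanager side: web.yml (assumed file name) ---
# Loaded with: alertmanager --config.file=alertmanager.yml --web.config.file=web.yml
tls_server_config:
  # Server certificate and key for Alertmanager itself, issued by the CA.
  # The certificate's subject alternative names must include the host name
  # Prometheus uses in `targets` (here: localhost), or verification fails.
  cert_file: alertmanager.crt
  key_file: alertmanager.key
basic_auth_users:
  # user name: bcrypt hash of the password (placeholder, not a real hash)
  abc: '$2y$10$REPLACE_WITH_BCRYPT_HASH_OF_THE_PASSWORD'

---
# --- Prometheus side: alerting block in prometheus.yml ---
alerting:
  alertmanagers:
  - scheme: https
    basic_auth:
      username: abc
      # Plaintext password read from a file with restrictive permissions,
      # instead of being written inline in prometheus.yml.
      password_file: alertmanager.pass
    tls_config:
      # Only the CA certificate is needed to verify Alertmanager's server cert.
      ca_file: ca.crt
      # cert_file / key_file are for TLS client-certificate authentication.
      # They are not required for basic auth, and the CA's private key
      # (ca.key in the question) should not be deployed to the Prometheus host.
    static_configs:
    # Must match a name listed in the server certificate's SANs.
    - targets: ['localhost:9093']
```

If Alertmanager is later reached under a different host name, either reissue the certificate with that name in its SANs or set `server_name` in `tls_config` to a name the certificate already carries.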