Protection of web web endpoint

[hynek]

Hi,

it seems like there’s no way of protecting the web endpoint although Prometheus supports both basic auth TLS certificates (at least according to the docs :)).

Any chance of collected_exporter growing them? I would prefer to not install a nginx on each server just to be able to use HTTPS for my metrics…

Metrics might not be the most sensitive data and our metrics subnet is private but for example on customer servers I’m uncomfortable to expose all system statistics to all users.

[brian-brazil]

Due to how many different ways it's possible to configure security, authorisation and authentication we've decided that we'd rather dedicate our time to improving monitoring and delegate to other systems like nginx that are more suited for this purposet.

If you're worrried about connections over localhost Linux iptables supports filtering on UID/GID.