Add FastCGI interface to secure prometheus (with unix domain socket) #5160

Closed
michael-doubez opened this Issue Jan 30, 2019 · 1 comment


michael-doubez commented Jan 30, 2019

Proposal

Use case. Why is this important?

Currently, when trying to secure Prometheus/AlertManager on a non-containerized architecture, the only way to secure it is binding on localhost and using a reverse proxy (like nginx).
But the interface is still exposed on the localhost interface and there is no way to restrict access with basic auth or TLS client auth.

FastCGI

A good middle-ground solution would be to serve the requests using FastCGI. The module "net/http/fcgi" is readily available and FastCGI integrates seamlessly with major HTTP servers.

On Unix, the security would be provided by using Unix domain sockets, whose access rights can be controlled. On Windows, there would be named pipes, although I am not sure they are as common as the Unix flavor.
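The arrangement proposed above, as an added example that is not part of the original issue and is not Prometheus code: a Go handler served over FastCGI on a Unix domain socket whose directory and file modes limit which local users can connect. The socket path, the modes, and the names `listenRestricted` and `placeholder` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/fcgi"
	"os"
	"path/filepath"
)

// listenRestricted (hypothetical helper) binds a Unix domain socket at path.
// The parent directory gets dirMode before bind(), so the socket is never
// reachable more widely than the directory allows while chmod is pending.
func listenRestricted(path string, dirMode, sockMode os.FileMode) (net.Listener, error) {
	dir := filepath.Dir(path)
	if err := os.MkdirAll(dir, dirMode); err != nil {
		return nil, err
	}
	// MkdirAll is subject to umask and skips existing directories.
	if err := os.Chmod(dir, dirMode); err != nil {
		return nil, err
	}
	// A stale socket from a previous run would make bind() fail.
	if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
		return nil, err
	}
	ln, err := net.Listen("unix", path)
	if err != nil {
		return nil, err
	}
	if err := os.Chmod(path, sockMode); err != nil {
		ln.Close()
		return nil, err
	}
	return ln, nil
}

func placeholder(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") }

func main() {
	// Assumed path; the front-end web server's user must be in the socket's group.
	ln, err := listenRestricted("/run/example-fcgi/app.sock", 0750, 0660)
	if err != nil {
		log.Fatal(err)
	}
	// fcgi.Serve speaks FastCGI on the listener instead of plain HTTP.
	log.Fatal(fcgi.Serve(ln, http.HandlerFunc(placeholder)))
}
```

With this layout, authentication (basic auth or TLS client certificates) is enforced by the front-end web server, and only accounts permitted by the socket's owner and group can reach the handler directly.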

Member

brian-brazil commented Jan 30, 2019

Dupe of #4068. This is not something we plan on adding.
