“Nginx用户密码认证配置 Basic HTTP authentication”的版本间的差异
跳到导航
跳到搜索
(未显示同一用户的1个中间版本) | |||
第1行: | 第1行: | ||
+ | [[category:ops]] [[category:]] | ||
=Prometheus通过Nginx加密登陆= | =Prometheus通过Nginx加密登陆= | ||
第38行: | 第39行: | ||
listen 80; | listen 80; | ||
server_name pro.linuxsa.org; | server_name pro.linuxsa.org; | ||
− | # access_log /var/log/nginx/ | + | # access_log /var/log/nginx/teo.net.log; |
− | |||
第46行: | 第46行: | ||
location / { | location / { | ||
auth_basic "Prometheus"; | auth_basic "Prometheus"; | ||
− | auth_basic_user_file "/usr/local/openresty | + | auth_basic_user_file "/usr/local/openresty/.htpasswd"; |
proxy_pass http://10.30.10.124:9090; | proxy_pass http://10.30.10.124:9090; | ||
proxy_http_version 1.1; | proxy_http_version 1.1; | ||
第65行: | 第65行: | ||
proxy_send_timeout 1800s; | proxy_send_timeout 1800s; | ||
proxy_read_timeout 1800s; | proxy_read_timeout 1800s; | ||
− | |||
− | |||
real_ip_recursive on; | real_ip_recursive on; | ||
第87行: | 第85行: | ||
} | } | ||
</pre> | </pre> | ||
+ | |||
=prome conf= | =prome conf= | ||
<pre> | <pre> | ||
第105行: | 第104行: | ||
[http://www.songjiayang.com/posts/prometheus-shu-ju-an-quan-zhi-basic-ren-zheng Prometheus 数据安全之 Basic 认证] | [http://www.songjiayang.com/posts/prometheus-shu-ju-an-quan-zhi-basic-ren-zheng Prometheus 数据安全之 Basic 认证] | ||
+ | [https://blog.whsir.com/post-4241.html Prometheus通过Nginx加密登陆(二)] | ||
[https://www.jianshu.com/p/edd9c17d8c8b 为 Prometheus 添加 HTTP Basic Auth] | [https://www.jianshu.com/p/edd9c17d8c8b 为 Prometheus 添加 HTTP Basic Auth] |
2020年4月22日 (三) 10:20的最新版本
[[category:]]
Prometheus通过Nginx加密登陆
#安装apache-htpasswd工具 yum -y install httpd-tools apt -y install apache2-utils #使用 htpasswd 生成认证密钥对 htpasswd -c .htpasswd admin New password: Re-type new password: Adding password for user admin cat .htpasswd
ng配置
eg http { server { listen 80; server_name pro.linuxsa.org; location / { proxy_pass http://localhost:9090/; auth_basic "Prometheus"; auth_basic_user_file ".htpasswd"; } } cat pro.conf server { listen 80; server_name pro.linuxsa.org; # access_log /var/log/nginx/teo.net.log; client_max_body_size 10m; location / { auth_basic "Prometheus"; auth_basic_user_file "/usr/local/openresty/.htpasswd"; proxy_pass http://10.30.10.124:9090; proxy_http_version 1.1; #set_real_ip_from 10.0.0.0/8; #set_real_ip_from 172.16.0.0/12; #set_real_ip_from 192.168.0.0/16; #real_ip_header X-Forwarded-For; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Remote-Port $remote_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_connect_timeout 1800s; proxy_send_timeout 1800s; proxy_read_timeout 1800s; real_ip_recursive on; # real_ip_header X-Forwarded-For; # set_real_ip_from 0.0.0.0/0; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header Host $host:$server_port; #proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; #proxy_set_header X-NginX-Proxy true; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; } }
prome conf
我好像没用这个吧 最后一步是修改 prometheus.yml 文件,将我们的 Node Exporter 服务添加进去: - job_name: 'node-exporter' static_configs: - targets: ['your-ip:19090'] basic_auth: username: yuankun password: your-password 重启 Prometheus 服务,就大功告成了。
see also
为 Prometheus 添加 HTTP Basic Auth