Node_exporter 1.7.0 - http_server_config - Strict-Transport-Security

Alexander Wilke

Jan 17, 2024, 2:43:06 AM
to Prometheus Users
Hello,

I am running:

node_exporter, version 1.7.0 (branch: HEAD, revision: 7333465abf9efba81876303bb57e6fadb946041b)
  build date:       20231112-23:53:35
  go version:       go1.21.4
  platform:         linux/amd64
  tags:             netgo osusergo static_build



Vulnerability scan complained that HSTS is not enabled so I wanted to enable it:

tls_server_config:
  cert_file: "/opt/node_exporter/node_exporter.pem"
  key_file: "/opt/node_exporter/node_exporter.key"

  min_version: "TLS12"
  max_version: "TLS13"

  client_auth_type: "NoClientCert"

basic_auth_users:
        userxxxx: 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'

http_server_config:
  Strict-Transport-Security: max-age=31536000  # 1 year


Unfortunately I get this error:

node_exporter: ts=2024-01-17T07:30:04.483Z caller=node_exporter.go:223 level=error err="yaml: unmarshal errors:\n  line 14: field Strict-Transport-Security not found in type web.HTTPConfig"
systemd: node_exporter.service: main process exited, code=exited, status=1/FAILURE


I tried to configure it based on this documentation:
https://prometheus.io/docs/prometheus/latest/configuration/https/

Probably I need the other parameters too, like:
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains; preload
How to get this working?

Brian Candler

Jan 17, 2024, 3:19:09 AM
to Prometheus Users
The YAML parsing error is simply saying that under "http_server_config", you cannot put "Strict-Transport-Security".

The documentation says that the only keys allowed under "http_server_config" are "http2" and "headers". So it needs to be like this:

http_server_config:
  headers:
    Strict-Transport-Security: <string>
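
An added example, not part of the thread and not node_exporter code: a small Python lint for an already-parsed web config (the mapping a YAML loader would return) that flags keys misplaced under "http_server_config", as in the question, and checks the HSTS value against the RFC 6797 directive syntax. The function names and the two sample mappings are constructed for illustration.

```python
ALLOWED_HTTP_KEYS = {"http2", "headers"}  # the only keys allowed, per the reply above

def parse_hsts(value):
    """Parse an HSTS header value into {directive: value or None} (RFC 6797 syntax)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives ("a;;b")
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if sep else None
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    directives["max-age"] = int(age)
    return directives

def lint_web_config(cfg):
    """Return findings for the http_server_config section of a parsed web config."""
    findings = []
    http = cfg.get("http_server_config") or {}
    for key in http:
        if key not in ALLOWED_HTTP_KEYS:
            findings.append(f"http_server_config.{key}: not an allowed key here")
    hsts = (http.get("headers") or {}).get("Strict-Transport-Security")
    if hsts is None:
        return findings + ["Strict-Transport-Security header is not set"]
    try:
        parsed = parse_hsts(hsts)
    except ValueError as exc:
        return findings + [f"invalid HSTS value: {exc}"]
    if parsed["max-age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    return findings

# Constructed samples: the layout from the question and the corrected layout.
BROKEN = {"http_server_config": {"Strict-Transport-Security": "max-age=31536000"}}
FIXED = {"http_server_config": {"headers": {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}}}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_web_config(cfg))
```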

Alexander Wilke

Jan 17, 2024, 5:11:47 AM
to Prometheus Users
Hello Brian,

I am very sorry. I missed that "headers:" between the lines of description.
It is working now.
