tls_config /tls_server_config

[Kolja Krückmann]

Hi all, I want to run prometheus as https.

I searched through the whole doc and this google.group. Unfortunatly I still don't understand how I use the certificates and how to exactly get all them files (.key, .ca, .cert) I know so far, that I should use openssl for creating said files but what values are needed, do I need both configs (see subject) for opening the web dashboard of prometheus over https?

I just don't find the right instruction for doing this. Maybe I am just having a bad day and can't find anything...

Kind regards,

Kolja

[Kolja Krückmann]

[EDIT]

My goal is to connect to prometheus-website (from a client not the host itself) via https, because I want to embed the website in a powerpoint. Unfortunatly the Add-in from ppt only allows https: websites

[Brian Candler]

If you want your website to have a *valid* certificate which web browsers trust, then you shouldn't use openssl: you should use letsencrypt, using a client program such as certbot, dehydrated, acme.sh.  Letsencrypt has plenty of getting started guides, plus its own forum where you can ask questions about this.

This will create two files: a private key, and a certificate chain.  You would then refer to these using tls_server_config in a separate config file that you point to with --web.config.file.

tls_config is used when prometheus itself is making *outbound* https connections - for example when scraping an exporter or talking to an API for service discovery - so isn't relevant here.

[Kolja Krückmann]

Hi Brian,

thank you for clarifying the configs!

I now got it working by creating my own .pfx via mmc.exe then extracting with openssl the key anf cert file. This is working great!

Kind regards

Kolja