Trying to use node exporter securely on a remote host
1,634 views
Skip to first unread message
theodoto...@gmail.com
Sep 13, 2017, 8:33:26 AM9/13/17
to Prometheus Users
Hello,
I want to monitor a remote host with node exporter install. If I hit port 9100 unecrypted all is well and I can see the metrics graphed. I setup an nginx reverse proxy with https, in front of node exported but I get no data. I'm a newbie so I'm not sure about my configuration.
My setup:
## Remote node (www.example.com)
Services installed:
* Nginx
* Node exporter (port 9100)
Nginx config:
```
# /etc/nginx/sites-enabled/node-exporter.conf
server {
server_name www.example.com;
location / {
proxy_pass http://localhost:9100/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
listen 9110 ssl;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
}
```
## Prometheus server (prom.example.com)
Services installed
* Prometheus
* Grafana
* Node Exporter Full Dashboard
Working *node exporter* config (insecure):
```
- job_name: node
static_configs:
- targets: ['www.example.com:9100']
```
Not working *node exporter* config (secure?):
```
- job_name: node
scheme: https
tls_config:
ca_file: /etc/ssl/certs/ca-certificates.crt
insecure_skip_verify: true
static_configs:
- targets: ['www.example.com:9110']
```
Any idea?
I want to monitor a remote host with node exporter install. If I hit port 9100 unecrypted all is well and I can see the metrics graphed. I setup an nginx reverse proxy with https, in front of node exported but I get no data. I'm a newbie so I'm not sure about my configuration.
My setup:
## Remote node (www.example.com)
Services installed:
* Nginx
* Node exporter (port 9100)
Nginx config:
```
# /etc/nginx/sites-enabled/node-exporter.conf
server {
server_name www.example.com;
location / {
proxy_pass http://localhost:9100/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
listen 9110 ssl;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
}
```
## Prometheus server (prom.example.com)
Services installed
* Prometheus
* Grafana
* Node Exporter Full Dashboard
Working *node exporter* config (insecure):
```
- job_name: node
static_configs:
- targets: ['www.example.com:9100']
```
Not working *node exporter* config (secure?):
```
- job_name: node
scheme: https
tls_config:
ca_file: /etc/ssl/certs/ca-certificates.crt
insecure_skip_verify: true
static_configs:
- targets: ['www.example.com:9110']
```
Any idea?
theodoto...@gmail.com
Sep 14, 2017, 10:04:35 AM9/14/17
to Prometheus Users
Trying this command from the prometheus servers returns the correct results:
```
wget https://www.example.com:9110/metrics
```
```
wget https://www.example.com:9110/metrics
```
Reply all
Reply to author
Forward
0 new messages