linux - 使用 nginx 重定向 prometheus 调用时出错
问题描述
为什么在对呼叫进行身份验证后出现 404 错误http://<ip-external>:80?
我想打电话的时候,他用用户名和密码认证,在prometheus的页面后返回
docker.compose.yml
version: '3.1'
services:
prometheus:
image: prom/prometheus
container_name: meta_prometheus
user: '0'
volumes:
- /etc/prometheus:/etc/prometheus
- /prometheus/data:/prometheus/data
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus/data'
ports:
- 9090:9090
network_mode: host
nginx.conf
pid /etc/nginx/logs/nginx.pid;
http {
server {
listen 0.0.0.0:80;
location / {
proxy_pass http://localhost:9090/;
auth_basic "Prometheus";
auth_basic_user_file ".htpasswd";
}
}
}
events {
}
回来
参考:https ://www.robustperception.io/adding-basic-auth-to-prometheus-with-nginx
Nginx 版本:1.9
操作系统:红帽企业 Linux 7.9
解决方案
由于我花了很多时间来了解如何做所有事情,以下是使用身份验证和 HTTPS 安装 prometheus 的完整过程
码头工人组成:
version: '3.1'
services:
prometheus:
image: prom/prometheus
container_name: prometheus
user: '0'
volumes:
- /etc/prometheus:/etc/prometheus
- /prometheus/data:/prometheus/data
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus/data'
ports:
- 9090:9090
network_mode: host
码头工人命令:
docker-compose up -d
用户
htpasswd /docker/htpasswd/prometheus username-here
Nginx
2. yum install mod_ssl
3. yum install openssl
4. openssl genrsa -out ca.key 2048
5. openssl req -new -key ca.key -out ca.csr
6. openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
7. cp ca.crt /etc/pki/tls/certs
9. cp ca.key /etc/pki/tls/private/
10. cp ca.csr /etc/pki/tls/private
11. yum install gcc-c++ pcre-dev pcre-devel zlib-devel
12. cd /tmp/;wget http://nginx.org/download/nginx-1.9.9.tar.gz
13. tar zxf nginx-1.9.9.tar.gz
14. cd /tmp/;wget https://www.openssl.org/source/openssl-1.0.1t.tar.gz
15. tar zxf openssl-1.0.1t.tar.gz
16. mv /tmp/openssl-1.0.1t/ /etc/openssl-1.0
17. useradd --no-create-home --shell /bin/false nginx
18. cd nginx-1.9.9
Execute the command below
./configure --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=nginx \
--group=nginx \
--with-openssl=/etc/openssl-1.0 \
--with-http_ssl_module \
--pid-path=/run/nginx.pid
19. make -j2
20. make install
21. vim /etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
22. vim /etc/nginx/nginx.conf
pid /run/nginx.pid;
http {
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/pki/tls/certs/ca.crt;
ssl_certificate_key /etc/pki/tls/private/ca.key;
ssl_session_timeout 5m;
location / {
resolver 127.0.0.1 valid=30s;
proxy_pass http://localhost:9090/;
auth_basic "Protected by sidecar proxy!";
auth_basic_user_file /docker/htpasswd/prometheus;
}
}
}
events {
}
23. systemctl daemon-reload
24. systemctl enable nginx
25. systemctl start nginx
26. systemctl status nginx
推荐阅读
- c - 错误:生成多个输出文件时无法指定 -o
- salesforce - 如何在 Salesforce 中使用 sql 查询关闭机会和关闭谁?
- elasticsearch - 我可以在 kibana 中创建一个插件,在 kibana 仪表板内的小部件菜单中为我提供“下载为 csv 选项”吗?
- r - 根据条件替换字符串中的匹配模式
- c - mq_open 的 oflag 参数不反映创建的 mqueue 文件的实际访问位
- jquery - Videojs - 如何在控制栏中添加自定义图标
- sockets - 将图像从 b4a 客户端发送到 Delphi 服务器
- javascript - 2 在对象中的数组值上选择过滤器
- r - 如果时间在特定时间间隔内,则创建指标变量
- reactjs - 悬停日期 - react-dates 库