Add Basic Authentication to the Prometheus User Interface
Video Lecture
Description
Everything is great so far, but anybody in the world with the internet access and the URL can visit my Prometheus server and see my data.
To solve this problem, we will add user authentication.
We will use Basic Authentication.
SSH onto your server and CD into your /etc/nginx folder.
1 |
|
Then install apache2-utils (on ubuntu) or httpd-tools (on centos)
1 2 3 4 5 |
|
Now we can create a password file. In the command below, I am creating a user called 'admin'.
1 |
|
I then enter a password for the user.
Next open the Nginx Prometheus config file we created.
1 |
|
And add the two authentication properties in the examples below to the existing Nginx configuration file we have already created.
1 2 3 4 5 6 7 8 9 10 11 12 13 |
|
Save and test the new configuration has no errors
1 |
|
Restart Nginx
1 2 |
|
Since port 9090 and 9100 are still open, we should block them for external connections.
1 2 3 4 5 |
|
Warning
iptables settings will be lost in case of system reboot. You will need to reapply them manually,
or
install iptables-persistent
1 |
|
This will save your settings into two files called,
/etc/iptables/rules.v4
/etc/iptables/rules.v6
Any changes you make to the iptables configuration won't be auto saved to these persistent files, so if you want to update these files with any changes, then use the commands,
iptables-save > /etc/iptables/rules.v4
iptables-save > /etc/iptables/rules.v6