Install an External Node Exporter

Video Lecture

Install External Node Exporter Install External Node Exporter Install External Node Exporter

Description

Now we will install an external Prometheus Node Exporter on a different server.

apt install prometheus-node-exporter

Now check the node exporter is running.

sudo service node-exporter status

You can stop, start or restart a node exporter using

sudo service node-exporter stop
sudo service node-exporter start
sudo service node-exporter restart

Node exporter will now be running on http://[your domain or ip]:9100/metrics

You can now block port 9100 externally, but leave it open internally for localhost.

And optionally, you can also allow a specific ip address or domain on the internet to access the port.

iptables -A INPUT -p tcp -s IP-ADDRESS-OR-DOMAIN_NAME --dport 9100 -j ACCEPT
iptables -A INPUT -p tcp -s localhost --dport 9100 -j ACCEPT
iptables -A INPUT -p tcp --dport 9100 -j DROP
iptables -L

Warning

iptables settings will be lost in case of system reboot. You will need to reapply them manually,

or

install iptables-persistent

sudo apt install iptables-persistent

This will save your settings into two files called,

/etc/iptables/rules.v4

/etc/iptables/rules.v6

Any changes you make to the iptables configuration won't be auto saved to these persistent files, so if you want to update these files with any changes, then use the commands,

iptables-save > /etc/iptables/rules.v4

iptables-save > /etc/iptables/rules.v6

Add the new scrape config for the new node exporter to the Prometheus configuration yml on your Prometheus server.

sudo nano /etc/prometheus/prometheus.yml

Scroll down to the bottom and add a new scrape target to the existing node job

  - job_name: 'node'
    static_configs:
    - targets: ['localhost:9100']
    - targets: ['other-server-ip-or-domain:9100']

Check changes to the config are syntactically correct

promtool check config /etc/prometheus/prometheus.yml

and if OK, then restart the Prometheus service.

sudo service prometheus restart
sudo service prometheus status

If you want to add ssl to the external node exporter you can also use an nginx reverse proxy and add a path specific for the node exporter.

Example, for a server config you can add a metrics location.

server {
    server_name  YOUR-DOMAIN-NAME;

    ... (other typical nginx settings such as ports, ssl cert paths, etc for your website)

    location /metrics {
        allow  REMOTE_IP_ADDRESS_WHICH_IS_ALLOWED_TO_QUERY_THIS_ENDPOINT;
        deny all;
        proxy_pass           http://localhost:9100/metrics;
    }

    ... (other typical nginx settings such as ports, ssl cert paths, etc for your website)