Closed AlexandarY closed 10 months ago
I submitted a PR , which would allow a per http module inclusion of additional Root CA certificates to the Root CA pool used by the http proxy client.
Also added the ability to specify the ServerName
that is used to validate the server tls certificate. This would allow to handle cases, where you want the address
to be an IP address, but not include the IP in the TLS certificate.
modules:
node:
method: http
http:
scheme: https
port: 9100
address: 127.0.0.1
server_name: test.com
PR: https://github.com/QubitProducts/exporter_exporter/pull/98
Closed via #98
Hey!
I'm looking into setting HTTPS + TLS Client Certificates from
exporter_exporter
to a target exporter with a custom Certificate Authority, but it appears that the custom Certificate Authority certificate is not included in theRootCAs
pool of the proxy client.I did a test with
node_exporter
and the followingexpexp.yaml
config:and on
node_exporter
's end the followingweb-config.yaml
Running a request to
/proxy?module=node
logs the following error:A workaround appears to be if I set in
expexp.yaml
thetls_insecure_skip_verify:
totrue
, but as per go's docs, that is not a good idea.My question is, is this expected to work this way or am I misunderstanding something?