If the http module to which the exporter_exporter proxies is protected by a certificate authority, which is not part of the system root CA pool, connections will fail with
msg="Proxy error for module 'node': x509: certificate signed by unknown authority"
The changes in commit 7afa456 allow per http module inclusion of a Root CA to the Root CA pool that is being used by the httpProxy client.
The changes in commit 3b66f6d allow per http module overwrite of the ServerName that is used to validate the SAN of the server tls certificate. In other words, if you have an exporter protected with a TLS certificate with SAN name test.com, but you want to connect to it by IP address, you can do the following:
tcolgate
commented
8 months ago
If the
httpmodule to which theexporter_exporterproxies is protected by a certificate authority, which is not part of the system root CA pool, connections will fail withThe changes in commit
7afa456allow per http module inclusion of a Root CA to the Root CA pool that is being used by the httpProxy client. The changes in commit3b66f6dallow per http module overwrite of the ServerName that is used to validate the SAN of the server tls certificate. In other words, if you have an exporter protected with a TLS certificate with SAN nametest.com, but you want to connect to it by IP address, you can do the following: