grafana / loki

Like Prometheus, but for logs.
https://grafana.com/loki
GNU Affero General Public License v3.0
23.58k stars 3.41k forks

Switch to disable promtail http/grpc servers, and document behaviour for port = 0 #1991

Closed candlerb closed 4 years ago

candlerb commented 4 years ago

Is your feature request related to a problem? Please describe.

By default, promtail listens on http and grpc ports. You may not want these servers to be active or accessible.

The example promtail configurations here and here show

  grpc_listen_port: 0

Users might expect this to mean "disable grpc server". Actually what happens is that the grpc server binds to a random port.

I cannot see that this is a useful behaviour. It's not secure (since anyone can find it using nmap).

Describe the solution you'd like

Implement the ability to disable the http server and grpc server, e.g. by setting the port to zero as per the example configs, or by having a separate flag.

Describe alternatives you've considered

If this isn't implemented, then at least document here the current behaviour:

# HTTP server listen port (0 means random port)
[http_listen_port: <int> | default = 80]

# gRPC server listen host
[grpc_listen_address: <string>]

# gRPC server listen port (0 means random port)
[grpc_listen_port: <int> | default = 9095]

Also change grpc_listen_port: 0 to grpc_listen_port: 9095 in all the sample configs (since the 0 example is not useful, but people are likely to copy it)

Additional context

Workaround is to bind the servers to 127.0.0.1 and/or use iptables to block traffic.

Dhana-Krishnasamy commented 4 years ago

Just want to mention that we have a security constraint: we cannot have insecure open ports in our systems. To scrape the log files and send them to Loki, we don't need an http interface anyway.

An option just like the one Fluent Bit has would be great.

Even if the listen address is the loopback address, it still exposes us to an elevation-of-rights attack.

cyriltovena commented 4 years ago

@Dhana-Krishnasamy The http server is required for health checking, don't you need it too?

Dhana-Krishnasamy commented 4 years ago

> @Dhana-Krishnasamy The http server is required for health checking, don't you need it too?

Good question. I think it would be nice if promtail could post the health info as well, like the logs it scrapes. An insecure port is a no-go for us.

mm2175 commented 1 year ago

How to disable the grpc server only? Our use cases want to disable the grpc server and keep the http server.

sjonpaulbrown commented 10 months ago

> How to disable the grpc server only? Our use cases want to disable the grpc server and keep the http server.

For those who find their way here from Google, the disable flag was added to the server config as part of the following PR. It defaults to false.
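As an added illustration of the two points raised in this thread (it is not code from the issue or from the Loki project): first, that a listen port of 0 asks the kernel for a random ephemeral port rather than disabling the listener, and second, that the `server.disable` key mentioned above is the only setting that actually turns the servers off. The script binds a socket to port 0 to show what the OS does with it, then audits three constructed promtail `server:` blocks (not taken from the Loki docs) with a deliberately minimal line-based parser, so it needs no PyYAML. The defaults it assumes (port 80 for http, 9095 for grpc, all interfaces when no address is given) are the ones quoted in the issue text; the finding strings are my own.

```python
import re
import socket

# Constructed example configs for the audit below (not from the Loki repo).
# The "weak" one copies the grpc_listen_port: 0 pattern from the sample configs.
WEAK_CONFIG = """\
server:
  http_listen_address: 0.0.0.0
  http_listen_port: 9080
  grpc_listen_address: 0.0.0.0
  grpc_listen_port: 0
"""

# Workaround from the issue: keep the servers but bind them to loopback only.
HARDENED_CONFIG = """\
server:
  http_listen_address: 127.0.0.1
  http_listen_port: 9080
  grpc_listen_address: 127.0.0.1
  grpc_listen_port: 9095
"""

# The fix referenced in the last comment: disable both servers outright.
DISABLED_CONFIG = """\
server:
  disable: true
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def bind_port_zero(host="127.0.0.1"):
    """Bind to port 0 and return the port the kernel actually chose.

    This is exactly what a server does with `grpc_listen_port: 0`: the OS
    hands out an ephemeral port and the socket is listening on it.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        s.listen(1)
        return s.getsockname()[1]


def parse_server_block(text):
    """Extract flat `key: value` pairs under `server:` from a promtail config.

    Deliberately minimal (no YAML library): it handles the flat server block
    shown in the issue and nothing more, so nested keys are ignored.
    """
    settings = {}
    in_server = False
    for line in text.splitlines():
        if re.match(r"^server:\s*$", line):
            in_server = True
            continue
        if in_server and line and not line.startswith(" "):
            in_server = False  # a new top-level key ends the server block
        if in_server:
            m = re.match(r"^\s+([A-Za-z_]+):\s*(\S+)\s*$", line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings


def audit_server_config(text):
    """Return a list of findings about promtail's embedded http/grpc servers."""
    s = parse_server_block(text)
    findings = []
    if s.get("disable", "false").lower() == "true":
        return findings  # both servers are off: nothing is listening
    for proto, default_port in (("http", "80"), ("grpc", "9095")):
        port = s.get(f"{proto}_listen_port", default_port)
        addr = s.get(f"{proto}_listen_address", "0.0.0.0")  # assumed default: all interfaces
        if port == "0":
            findings.append(f"{proto}: port 0 means a random ephemeral port, not disabled")
        if addr not in LOOPBACK:
            findings.append(f"{proto}: bound to {addr}, reachable from other hosts")
    return findings


if __name__ == "__main__":
    print("port 0 was turned into ephemeral port", bind_port_zero())
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("disabled", DISABLED_CONFIG)):
        print(name, audit_server_config(cfg) or "no findings")
```

Running it shows the bound port is a high random number, never 0, and that the weak config draws three findings (two exposed bind addresses and the misread port 0) while the loopback-only and `disable: true` configs draw none.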