mbugert
commented
3 years ago Hi, sorry for taking so long to respond.
Yes, the communication between Connect Box and connectbox-exporter uses HTTP and basic auth, but the communication between prometheus and connectbox-exporter is entirely unsecured. I would also not feel well exposing my modem metrics to the public. When I wrote this exporter, I expected most people to use it at home (i.e. in a trusted environment) so TLS and authentication were not on my todo list.
There are several alternative options though which may work:
- You could establish a VPN between your RPi and the remote system running prometheus (via OpenVPN, Wireguard, etc.) to secure the connection between connectbox-exporter and prometheus.
- Using prometheus' federation feature, it may be possible to run a second prometheus instance on the RPi, then retrieve its metrics from the remote prometheus. From what I can tell, authentication support in prometheus is still in development, but a secure connection between two prometheus instances may be possible, either with the experimental HTTPS/auth support or reverse proxying.
Personally, I would go with option 1. This would also be more practical for resolving issues in case the internet connection at the location with the Connect Box breaks down (assuming you can still connect to the RPi through a secondary mobile connection in such a scenario).
Best, mbugert
RickvanLoo
I was wondering if this project supports TLS/Auth out of the box. For my use case, I was planning on running Prometheus remotely while having this exporter run locally on a Raspberry Pi. I've got no experience yet with Prometheus, but as far as I can see this tool exposes modem metrics via an unsecured and open API, which I think might be a bit risky. Older firmware versions had some exploits available, and metrics like uptime/temperature gives access to more intelligence about your household to potential attackers.