matiaslopezd
commented
1 year ago Would be cool to add an endpoint for monitoring! Maybe return a number of active connections? Also, can setting whitelisted IPs for access to the Rest API would be nice!
Open weiss opened 1 year ago
matiaslopezd
commented
1 year ago Would be cool to add an endpoint for monitoring! Maybe return a number of active connections? Also, can setting whitelisted IPs for access to the Rest API would be nice!
weiss
commented
1 year ago Would be cool to add an endpoint for monitoring! Maybe return a number of active connections?
Have you seen mod_stats_prometheus and the metrics it returns?
matiaslopezd
commented
1 year ago Nice! 👏🏻 In terms of security is better to put a proxy server like Nginx in front of Prometheus port? The idea is to restrict which IPs can access that endpoint. The Internet is too dangerous 🥲
weiss
commented
1 year ago In terms of security is better to put a proxy server like Nginx in front of Prometheus port? The idea is to restrict which IPs can access that endpoint.
Yes, I'd recommend using some reverse proxy like Nginx. For just restricting access based on IP addresses, some nftables/whatever rule would do the trick as well of course, but I guess it's generally not a bad idea to put a proper, battle-tested and full-featured web server in front of such API endpoints. (Plus in practice I often end up wanting to make different endpoints available on the same system via https://example.com/foo and https://example.com/bar, which requires a proxy anyway.)
Include a
mod_restmodule to expose theeturnalctlcommands via HTTP.