Ability to insecure_skip_verify

prometheus-community / PushProx

Proxy to allow Prometheus to scrape through NAT etc.

Apache License 2.0

719 stars 133 forks source link

Ability to insecure_skip_verify #97

Closed andsk8 closed 3 years ago

andsk8 commented 3 years ago

It would be very nice, that after https has been implemented with: params: _scheme: [https] that we could also add some tls_config, like ca_file or insecure_skip_verify: true in order to be able to pull some metrics from a ssl target that has a private certificate. I'm getting this error: caller=main.go:85 err="failed to scrape https://fqdn:port/metrics: Get \"https://fqdn:port/metrics\": x509: certificate signed by unknown authority" Thanks

andsk8 commented 3 years ago

Figured out, you need to specify where you run the pushprox-client what the CA is, with the flag --tls.cacert=

Ending up with something like this:

/usr/local/bin/pushprox-client --proxy-url=http://fqdn:8080/ --tls.cacert=/etc/sysconfig/ca.cer