search

ujamii / prometheus-sentry-exporter

Exports sentry project metrics for prometheus.
MIT License
38 stars 12 forks source link

Skip tls verify #11

Closed AlexZalyalowa closed 3 years ago

AlexZalyalowa commented 3 years ago

Hello. I have s self-sighnet sertificate on sentry server and I get this error while trying to use exporter

Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) in /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:201 Stack trace: #0 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(155): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array) #1 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(105): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory)) #2 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory)) #3 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__in in /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 201

Can I skip tls verify some how?

mgrundkoetter commented 3 years ago

It is not possible right now to pass options to the guzzle command. I would recommend to use a Let's Encrypt certificate instead of a self signed certificate in the first place as this should also prevent other problems, like browser safety warnings. And of course, it's also more secure. So maybe it is a solution to use another certificate?

immenz commented 3 years ago

Hello,

sorry for the off-topic, but can you describe in short, why a lets encrypt certificate is more secure than a self signed one (own CA added in browser, so thats not a problem)

mgrundkoetter commented 3 years ago

No :-) The certificate itself is no more or less secure but as a self signed certificate is not trusted by anyone, so you have to decide yourself whether to trust it or not. I guess if you created it yourself and if you are the only user of your own platform, it should be fine. As soon as a third person needs to decide, I would not recommend it. Using Let's Encrypt should not be more effort than creating certificates and a CA yourself, so I see no reason to not make it future proof from the beginning.

mgrundkoetter commented 3 years ago

As there is obviously no more interest in this topic, I will close this issue by the end of March. The issue can be solved by using another certificate (e.g. a Let's Encrypt one). If anyone wants to provide a PR for this feature anyway, feel free!