prometheus-explorer icon indicating copy to clipboard operation
prometheus-explorer copied to clipboard
verified publisher icon spreadshirt

Allow user-supplied certs for communication with Prometheus server

Open peterbourgon opened this issue 4 years ago • 2 comments

I have a use case which would require HTTPS (#1) as well as custom certs, e.g. as cURL

curl \
  --cacert my_ca_cert.crt --cert my_cert.crt --key my_key.key \
  --data 'query=count(up) by (job)' https://my.example.com/prometheus/my_segment/api/v1/query

I understand it's nontrivial, given the communication with Prometheus happens entirely in JS. But maybe can has? 😇

peterbourgon avatar Feb 16 '21 20:02 peterbourgon

Shouldn't a new cacert be enough? I.e. adding the custom one to https://pkg.go.dev/crypto/tls#Config.RootCAs?

As for the requests from JavaScript, that is indeed nontrivial. :sweat_smile:

The easiest way would be to add the certificate to the system certificate pool, is that an option for your usecase?

heyLu avatar Feb 22 '21 14:02 heyLu

It's not just the CA — the server fronting my Prometheus does mutual TLS auth with the certificate presented by the client. Alas.

peterbourgon avatar Feb 22 '21 15:02 peterbourgon