Add Auth to Prometheus Container

monitoring

Using docker-compose to run a prometheus container that I wanted basic auth added to.

My docker-compose file is shown below:

version: '3'

volumes:
  prometheus-data:
    driver: local

services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    volumes:
      - /opt/prometheus/etc:/etc/prometheus
      - prometheus-data:/prometheus
    restart: unless-stopped
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--web.config.file=/etc/prometheus/web.yml"
    labels:
      - traefik.enable=true
      - traefik.http.routers.prometheushttp.rule=(Host("some.domain.name"))
      - traefik.http.routers.prometheushttp.entrypoints=web
      - traefik.http.routers.prometheushttp.tls=false
      - traefik.http.routers.prometheushttps.tls.certresolver=myresolver
      - traefik.http.routers.prometheushttps.entrypoints=websecure
      - traefik.http.routers.prometheushttps.rule=Host("some.domain.name")
      - traefik.http.routers.prometheushttps.tls=true
      - traefik.http.services.prometheushttps.loadbalancer.server.port=9090
    networks:
      - web
networks:
  web:
    external: true

Notice that I am mounting a directory from the host into /etc/prometheus on the container exposing the web.yml file (see below). Also I am specifying the web.yml file as a command line parameter when prometheus starts.

The web.yml file contents:

basic_auth_users:
    admin: $2a$04$QPJ4PpcQ5UjIIraREDacteduTGCvWbC4WMMwDK3fMD0a

The password should be encrypted using bcrypt – there are online tools for that or use htpasswd.

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>