Home / server / Questions / 924238
In Process
Drux
Asked: 2018-08-01 01:17:10 +0800 CST

Prometheus 1.5.2 behind Apache 2.4 reverse proxy

  • 772

I want to place Prometheus behind an Apache reverse proxy for authentication and access control. This is for the version of Prometheus that comes with Debian Stretch (prometheus --version indicates version 1.5.2+ds (branch: debian/sid, revision: 1.5.2+ds-2+b3)) and for Apache 2.4.

I already have Prometheus listening on 127.0.0.1:9090 (e.g. according to netstat -tlpn) and I have this in my VirtualHost configuration:

<Location "/prometheus">
  ProxyPass "http://localhost:9090"
  ProxyPassReverse "http://localhost:9090"
</Location>

However, when I visit https://my-server.com/prometheus a redirect to https://my-server.com/graph occurs (by way of HTTP status code 302 and Location: /graph), which cannot be served by the reverse proxy in its current configuration.

How can I change the configuration for this version of Prometheus) such that a visit to https://my-server.com/prometheus will successfully redirect to https://my-server.com/prometheus/graph, i.e. all Prometheus-related "things" will be served under a common URL prefix /prometheus?

UPDATE One thing that currently puzzles me is that Prometheus' CHANGELOG.md indicates that command line flag -web.route-prefix was introduced back in version 1.0.0, but the Debian package's /etc/default/prometheus does not mention this flag, although it mentions many others (as if it would not support it despite ostensibly being based on version 1.5.2).

apache-2.4

4 Answers

  1. I'm running newer versions of prometheus now, I had this in the 1.X series as well,

    -web.external-url=https://<proxyhost>/prometheus

    Try and see if it works in your version (I can't find any old documentation online, but some old github issues seems to relate to it as well).

    • 2

  2. You must configure also --web.route-prefix.

    "http://TOTO/prometheus" --> nginx --> "http://localhost:9090" --> prometheus

    The solution is:

    -web.external-url=https://<proxyhost>/prometheus --web.route-prefix=/
    • 1

  3. Below config works even without "-web.external-url" option on Prometheus-core side. You can also redirect Alert Manager within the same VirtualHost. So on /prometheus/ - is Prometheus and on /manager/ - is the Alert Manager

    <VirtualHost *:80>
    ProxyRequests On
    ProxyPreserveHost On
    RewriteEngine On
    ProxyPass /prometheus/ http://localhost:9090/
    ProxyPassReverse /prometheus/ http://localhost:9090/
    Redirect "/" "/prometheus/"

    ProxyPass /manager/ http://localhost:9093/
    ProxyPassReverse /manager/ http://localhost:9093/
    Redirect "/#/alerts" "/manager/#/alerts"
</VirtualHost>
    • 1

  4. The following Apache configuration for the reverse proxy (only relevant part shown) solved the problem in my situation (in a somewhat clumsy way):

    <Location "/">
  Redirect "/alerts" "/prometheus/alerts"
  Redirect "/api" "/prometheus/api"
  Redirect "/config" "/prometheus/config"
  Redirect "/flags" "/prometheus/flags"
  Redirect "/graph" "/prometheus/graph"
  Redirect "/rules" "/prometheus/rules"
  Redirect "/static" "/prometheus/static"
  Redirect "/status" "/prometheus/status"
  Redirect "/targets" "/prometheus/targets"
</Location>
<Location "/prometheus">
  ProxyPass "http://localhost:9090"
  ProxyPassReverse "http://localhost:9090"
</Location>
    • 0