Disable SSL on Prometheus /metrics

1. The problem I’m having:

I have enabled stats on my Caddyfile and they work great, but only when fetching from the host machine. If I try to fetch the metrics from the Prometheus machine, that is on another host in the same LAN, it does not work. This seems to be an issue with SSL and I would like to disable it.

2. Error messages and/or full log output:

No errors

3. Caddy version:

2.8.4

4. How I installed and ran Caddy:

Binaries

a. System environment:

Debian 12

b. Command:

No special command.

c. Service/unit/compose file:

No special config.

d. My complete Caddy config:

No special config.

5. Links to relevant resources:

No links.

If you’re fetching from the admin interface’s /metrics, port 2019 by default, then it’s only bound to localhost by default. API — Caddy Documentation

I couldn’t find in the docs how to change that. There’s no option for disabling SSL on Prometheus.

According to the documentation you can add the metrics to any server, so just add it to a regular server running non-HTTP. metrics (Caddyfile directive) — Caddy Documentation

Can you share evidence of that? We need to know your configuration to know where/how metrics are enabled. It makes a difference. As @vvic said, if you’re talking about the interface on port 2019, the default address on that is localhost only.

How do I change it to be non-localhost? Can’t it serve on the local IP? Meaning: 10.5.x.x or something, so that Prometheus, on the same network, can call it.

I was finally able to fix this. For any future readers, this is how you can do it:

{
  auto_https off
}

:9200 {
  metrics
}

You don’t need auto_https off for that. If you serve it on a different port, it’ll be HTTP unless you give Caddy a domain name. See Caddyfile Concepts — Caddy Documentation

It did not work until I added auto_https off. I tried putting just the port, then LAN IP:9200, http://LAN IP:9200, and other combinations. Should I report a bug?

I don’t believe that. There’s definitely no bug with having a site block with just a port, that will always be HTTP unless you use the HTTPS port (i.e. :443)

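For later readers, a tighter variant of the port-only metrics site discussed in this thread, as an added example that is not from any participant or from the Caddy project. It assumes the Caddy host's LAN address is 10.5.0.10 and the Prometheus server is 10.5.0.20; both addresses are constructed placeholders.

```caddyfile
# Added example. Addresses are constructed placeholders:
#   10.5.0.10 = assumed LAN address of the Caddy host
#   10.5.0.20 = assumed address of the Prometheus server
#
# No global "auto_https off" here, so any other sites in this
# Caddyfile keep automatic HTTPS. A site block with only a port is
# served over plain HTTP, as stated in the replies above.

:9200 {
	# Listen on the LAN address only, not on every interface of the host.
	bind 10.5.0.10

	# Only the Prometheus server may scrape.
	@prometheus remote_ip 10.5.0.20
	handle @prometheus {
		metrics
	}

	# Any other client on the network is refused.
	handle {
		respond 403
	}
}
```

Running `curl -i http://10.5.0.10:9200/` from the Prometheus host should return the metrics, and the same request from any other machine should return 403.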