I am not having any issues with caddy, but I have questions about the process of gathering data as I am currently exposing the admin port on my private network and not just on localhost.
This is more so a general question as I couldn’t find anything on the documentation about it or in this forum.
Currently I have prometheus pulling from the host as opposed to the host pushing to prometheus (which in this case would be way better and if there is no other options I might research a way to do that).
I’m only guessing here since this isn’t my field of expertise. Research I found though indicates you could create a separate Caddyfile directive and expose its metrics to a specific port. It may only work on Caddy version 1, though.
:2020 {
metrics
}
Then you’d configure your firewall or load balancer to allow traffic to port 2020 from your monitoring system.
If you still want to do it with Caddy, and the metrics are merged with the admin setting as I suspect, then you have to secure it to the best of your abilities. The most reliable and recommended method would be to secure the admin port using strong authentication mechanisms like basic auth, token-based auth, or API keys. You’d also want to limit access to the admin port to specific IP addresses or networks using firewall rules. TLS would encrypt traffic to the admin port to protect against eavesdropping.
I don’t know much about Prometheus, but apparently you can use a Prometheus Exporter to scrape metrics from Caddy and expose them on a different port or via a different protocol.
That did not work as expected, I was thinking they may have been a workaround around it.
I did saw on their docs
Blockquote
Note that a /metrics endpoint is also attached to the admin API, which is not configurable, and is not available when the admin API is disabled.
I guess it’s simply tied to it, kind of don’t like that at all. I’ll update here once I come up with an alternative.
What @TheRettom wrote is correct, you can use the metrics directive in any site block to serve the metrics data. It doesn’t have to only be served by admin.
In what way? Show what you tried (your config) and your logs if you think it’s not working.
Next time, please fill out the help topic template as per the forum rules.
That’s saying “the metrics handler that is enabled on the admin endpoint, cannot be reconfigured”. That’s all. It doesn’t say you can’t configure it elsewhere.