// Aula 34 - Segurança no Prometheus

# cd /etc/prometheus

# openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout prometheus.key -out prometheus.crt -subj "/CN=localhost" -addext "subjectAltName = DNS:localhost"

# web.yml

tls_server_config:
  cert_file: prometheus.crt
  key_file: prometheus.key

# promtool check web-config web.yml

# vim /etc/systemd/system/prometheus.service


...
--web.config.file=/etc/prometheus/web.yml

PS: coloque o caminho completo do seu arquivo.

# chown prometheus.prometheus /etc/prometheus/{web.yml,prometheus.key,prometheus.crt}

# systemctl daemon-reload

# systemctl restart prometheus

# curl --cacert prometheus.crt https://localhost:9090/metrics

prometheus.yml

scrape_configs:
  - job_name: prometheus
    scheme: https
    tls_config:
      ca_file: prometheus.crt
    static_configs:
      - targets: ["localhost:9090"]

# systemctl restart prometheus