Prometheus with TLS 'pkcs12' Certificate is not working

Hello,
I am new to Prometheus and I am trying to monitor my SpringBoot app.
My SpringBoot app is using a self-signed PKCS12 certificate.
My application.properties:

server.ssl.key-store=classpath:skylink.p12
server.ssl.key-store-password=******
server.ssl.key-store-type=pkcs12
server.ssl.key-alias=linksky
server.ssl.key-password=*****

So, I have just a skylink.p12 certificate in my resources folder.
And here is my prometheus.yml:

scrape_configs:
  - job_name: 'linksky_monitoring'
    scrape_interval: 2s
    metrics_path: '/linksky/actuator/prometheus'
    static_configs:
      - targets: ['host.docker.internal:5550']
    scheme: https
    tls_config:
      cert_file: '/etc/prometheus/skylink.p12'
      insecure_skip_verify: true

Although I set 'scheme: https', I can see in my Prometheus container:

ts=2022-05-21T21:31:10.245Z caller=tls_config.go:195 level=info component=web msg="TLS is disabled.

How can I enable TLS?
Maybe I need "key_file" in my prometheus.yml also? But I don't have it; I have just created a jks file and a p12 file with Java keytool.
Please help.

You will need to extract the keys from the p12 for Prometheus to use them.

Thanks,
I've created my p12 with Java's keytool.
Now I've extracted the private key like this:

openssl pkcs12 -in skylink.p12 -nocerts -out privateKey.pem

and the public key:

openssl pkcs12 -in skylink.p12 -clcerts -nokeys -out publicCert.pem

Now I have this Prometheus config:

scrape_configs:
  - job_name: 'linksky_monitoring'
    scrape_interval: 2s
    metrics_path: '/jReditt/actuator/prometheus'
    static_configs:
      - targets: ['host.docker.internal:5550']
    scheme: https
    tls_config:
      cert_file: '/etc/prometheus/publicCert.pem'
      key_file: '/etc/prometheus/privateKey.pem'
      insecure_skip_verify: true

and in my Prometheus container I have an error like this:

ts=2022-05-24T12:48:59.880Z caller=main.go:1199 level=info msg="Completed loading of configuration file" filename=/etc/prometheus/prometheus.yml totalDuration=9.5176ms db_storage=2.1µs remote_storage=2.9µs web_handler=900ns query_engine=1.8µs scrape=586.1µs scrape_sd=81.7µs notify=1.6µs notify_sd=4.1µs rules=2µs tracing=10.4µs
ts=2022-05-24T12:48:59.881Z caller=main.go:930 level=info msg="Server is ready to receive web requests."
ts=2022-05-24T12:49:04.901Z caller=manager.go:200 level=error component="scrape manager" msg="error creating new scrape pool" err="error creating HTTP client: unable to use specified client cert (/etc/prometheus/publicCert.pem) & key (/etc/prometheus/privateKey.pem): tls: failed to parse private key" scrape_pool=linksky_monitoring

How should I set privateKey.pem and publicCert.pem?
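
Added example (not part of the thread and not Prometheus code): a Go check showing that a passphrase-protected key, which is what `openssl pkcs12 -nocerts` writes unless `-nodes` is given, produces the same `tls: failed to parse private key` error from Go's `crypto/tls`. The certificate and keys are constructed in memory, Go's legacy PEM encryption stands in for openssl's encrypted output, and `samples`, `keyIsEncrypted` and `loadError` are names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// samples builds a constructed self-signed cert and its key, as plain PKCS#8 PEM and as
// passphrase-protected PEM (legacy PEM encryption, a stand-in for openssl's encrypted key).
func samples() (cert, plain, enc []byte) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors ignored: fixed inputs
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	certDER, _ := x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(k)
	eb, _ := x509.EncryptPEMBlock(rand.Reader, "PRIVATE KEY", keyDER, []byte("changeit"), x509.PEMCipherAES256)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), pem.EncodeToMemory(eb)
}

// keyIsEncrypted reports whether any PEM block in the key file is passphrase-protected.
func keyIsEncrypted(keyPEM []byte) bool {
	for b, rest := pem.Decode(keyPEM); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "ENCRYPTED PRIVATE KEY" || b.Headers["Proc-Type"] == "4,ENCRYPTED" {
			return true
		}
	}
	return false
}

// loadError returns the error crypto/tls gives for this cert/key pair, or "" if it loads.
func loadError(certPEM, keyPEM []byte) string {
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	cert, plain, enc := samples()
	fmt.Printf("plain key:     encrypted=%v loadError=%q\n", keyIsEncrypted(plain), loadError(cert, plain))
	fmt.Printf("protected key: encrypted=%v loadError=%q\n", keyIsEncrypted(enc), loadError(cert, enc))
}
```

A key exported without a passphrase so that it can be loaded should be readable only by the account that runs Prometheus.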