Prometheus的UI界面登录是没有认证,我们通过nginx basic添加认证机制

安装Nginx

下载地址:http://nginx.org/en/download.html

# 编译
tar zxvf nginx-1.16.0.tar.gz
cd nginx-1.16.0
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make
make install
# 验证是否安装成功
cd /usr/local/nginx
./sbin/nginx -t

安装apache-htpasswd工具

yum -y install httpd-tools

配置认证账号

cd /usr/local/nginx/conf
# 账号admin ,然后设置密码
htpasswd -c ht.passwd admin

在nginx.conf配置

server {
        listen       80;
        client_body_buffer_size 20m;
        server_name  ~^(.+)?.twf.cn$;
        if ($host = prometheus.twf.cn){
                rewrite ^(.*)$ https://$host$1 permanent;
        }
    }

    server {
        listen  443 ssl;
        server_name  ~^(.+)?.twf.cn$;
        client_body_buffer_size 20m;

        ssl_certificate     /usr/local/nginx/cert/ca.pem;
        ssl_certificate_key  /usr/local/nginx/cert/ca.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers  on;

        location / {
                if ($host = prometheus.twf.cn){
                        proxy_pass http://127.0.0.1:9090;
                }
                auth_basic "Basic Authentication";
                auth_basic_user_file "ht.passwd";
                client_max_body_size    100m;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

配置Prometheus

主要重新配置Prometheus启动参数

nohup prometheus --config.file prometheus.yml --storage.tsdb.path=/data/prometheus --web.external-url=http://localhost:19090   --web.route-prefix="/"  --web.enable-lifecycle  --web.listen-address="localhost:9090"  >> logs/prometheus.log &