Is it possible to tls_skip_verify the metrics endpoint?

Is it possible to skip TLS verification on a metrics endpoint?

Background here: I’m trying to set up Cockroach DB (which is working great so far) in secure mode. This means that the web UI (including the healthcheck and metrics endpoint) is behind self-signed TLS certificates. I can skip TLS verification on the healthcheck, but not the metrics endpoint. Here is the fly.toml file I’m using:

```toml
# fly.toml file generated for cockroach on 2022-02-18T17:42:09-07:00

app = "cockroach"

kill_signal = "SIGTERM"
kill_timeout = 90
services = []

[checks]
  [checks.crdb]
    grace_period = "60s"
    interval = "15s"
    method = "get"
    path = "/health"
    port = 8080
    protocol = "https"
    timeout = "10s"
    tls_skip_verify = true
    type = "http"

[deploy]
  strategy = "rolling"

[experimental]
  allowed_public_ports = []
  auto_rollback = true
  private_network = true

[metrics]
  path = "/_status/vars"
  port = 8080
  protocol = "https"
  tls_skip_verify = true

[[mounts]]
  destination = "/cockroach/cockroach-data"
  source = "crdb_data"
```

Hi @btkostner

Metrics currently doesn’t support https requests, only http.
