mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
[docs]: Update Prometheus docs with security info (#2246)
## About the changes Prometheus metrics should not be exposed to the public. Added a note about this to inform people that internal endpoints should be dropped on external access. ## Discussion points https://unleash-community.slack.com/archives/CGP2MCHPF/p1666688295670459 ## Commits * [docs]: Update Prometheus docs with security info * Apply suggestions from code review Co-authored-by: Thomas Heartman <thomas@getunleash.ai> * Add info about Prometheus security Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
This commit is contained in:
parent
0553976240
commit
3edca3efe8
@ -7,7 +7,9 @@ title: /internal-backstage/prometheus
|
||||
|
||||
`GET http://unleash.host.com/internal-backstage/prometheus`
|
||||
|
||||
Unleash uses prometheus internally to collect metrics. These are available on the given url if the `serverMetrics` option is enabled (default=true).
|
||||
Unleash uses Prometheus internally to collect metrics. By default, the metrics are available at `/internal-backstage/prometheus`. You can disable this endpoint by setting the `serverMetrics` option to `false`.
|
||||
|
||||
Note that it's not recommended to expose Prometheus metrics to the public as of the [Prometheus pentest-report](https://prometheus.io/assets/downloads/2018-06-11--cure53_security_audit.pdf) issue PRM-01-002. Thus, if you want to keep metrics enabled, you should block all external access to `/internal-backstage/*` on the network layer to keep your instance secure.
|
||||
|
||||
[Read more about Prometheus](https://prometheus.io/)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user