Prometheus 1.5.2 behind Apache 2.4 reverse proxy

Question

I want to place Prometheus behind an Apache reverse proxy for authentication and access control. This is for the version of Prometheus that comes with Debian Stretch (prometheus --version indicates version 1.5.2+ds (branch: debian/sid, revision: 1.5.2+ds-2+b3)) and for Apache 2.4.

I already have Prometheus listening on 127.0.0.1:9090 (e.g. according to netstat -tlpn) and I have this in my VirtualHost configuration:

<Location "/prometheus">
  ProxyPass "http://localhost:9090"
  ProxyPassReverse "http://localhost:9090"
</Location>

However, when I visit https://my-server.com/prometheus a redirect to https://my-server.com/graph occurs (by way of HTTP status code 302 and Location: /graph), which cannot be served by the reverse proxy in its current configuration.

How can I change the configuration for this version of Prometheus) such that a visit to https://my-server.com/prometheus will successfully redirect to https://my-server.com/prometheus/graph, i.e. all Prometheus-related "things" will be served under a common URL prefix /prometheus?

UPDATE One thing that currently puzzles me is that Prometheus' CHANGELOG.md indicates that command line flag -web.route-prefix was introduced back in version 1.0.0, but the Debian package's /etc/default/prometheus does not mention this flag, although it mentions many others (as if it would not support it despite ostensibly being based on version 1.5.2).

score 2 · Answer 1 · answered Aug 01 '18 at 10:23

2

I'm running newer versions of prometheus now, I had this in the 1.X series as well,

-web.external-url=https://<proxyhost>/prometheus

Try and see if it works in your version (I can't find any old documentation online, but some old github issues seems to relate to it as well).

answered Aug 01 '18 at 10:23

Fredrik

540
2
13

1

Thanks, but that did not seem to work. – Drux Aug 02 '18 at 15:09

score 1 · Answer 2 · answered Apr 21 '20 at 09:41

1

You must configure also --web.route-prefix.

"http://TOTO/prometheus" --> nginx --> "http://localhost:9090" --> prometheus

The solution is:

-web.external-url=https://<proxyhost>/prometheus --web.route-prefix=/

answered Apr 21 '20 at 09:41

Thomas Decaux

1,289
12
13

Thank you. It's usually stuff like this that makes people run away from infra work – milosmns Sep 06 '20 at 10:21

score 1 · Answer 3 · answered Aug 24 '20 at 11:09

Below config works even without "-web.external-url" option on Prometheus-core side. You can also redirect Alert Manager within the same VirtualHost. So on /prometheus/ - is Prometheus and on /manager/ - is the Alert Manager

<VirtualHost *:80>
    ProxyRequests On
    ProxyPreserveHost On
    RewriteEngine On
    ProxyPass /prometheus/ http://localhost:9090/
    ProxyPassReverse /prometheus/ http://localhost:9090/
    Redirect "/" "/prometheus/"

    ProxyPass /manager/ http://localhost:9093/
    ProxyPassReverse /manager/ http://localhost:9093/
    Redirect "/#/alerts" "/manager/#/alerts"
</VirtualHost>

Drux · Answer 4 · 2018-08-02T15:34:38.940

The following Apache configuration for the reverse proxy (only relevant part shown) solved the problem in my situation (in a somewhat clumsy way):

<Location "/">
  Redirect "/alerts" "/prometheus/alerts"
  Redirect "/api" "/prometheus/api"
  Redirect "/config" "/prometheus/config"
  Redirect "/flags" "/prometheus/flags"
  Redirect "/graph" "/prometheus/graph"
  Redirect "/rules" "/prometheus/rules"
  Redirect "/static" "/prometheus/static"
  Redirect "/status" "/prometheus/status"
  Redirect "/targets" "/prometheus/targets"
</Location>
<Location "/prometheus">
  ProxyPass "http://localhost:9090"
  ProxyPassReverse "http://localhost:9090"
</Location>

Prometheus 1.5.2 behind Apache 2.4 reverse proxy

4 Answers4