Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change the default binding address to localhost. #8

Open
stefantalpalaru opened this issue Aug 22, 2019 · 1 comment
Open

Change the default binding address to localhost. #8

stefantalpalaru opened this issue Aug 22, 2019 · 1 comment

Comments

@stefantalpalaru
Copy link

By default, the Prometheus collection endpoint should be served from 0.0.0.0:8008.

Avoid a whole set of HTTP server vulnerabilities by listening only on localhost by default.
@staccDOTsol
Copy link

To change the default binding address to localhost for the Prometheus collection endpoint, you can modify the configuration file. Locate the configuration file for Prometheus, which is typically named prometheus.yml. Open the file and find the scrape_configs section.

Within the scrape_configs section, you will find a list of targets. Look for the target that corresponds to the Prometheus collection endpoint, which is usually named prometheus. Under this target, you will find the params section.

To change the binding address to localhost, modify the params section as follows:

params:
  listen_address: localhost:8008

Save the changes to the configuration file and restart the Prometheus service for the changes to take effect. Now, the Prometheus collection endpoint will only be served from localhost on port 8008, reducing the exposure to potential HTTP server vulnerabilities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefantalpalaru @staccDOTsol