-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
- Loading branch information
1 parent
ce10837
commit 752e658
Showing
22 changed files
with
1,698 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
--- | ||
title: HTTPS and authentication | ||
sort_rank: 11 | ||
--- | ||
|
||
# HTTPS and authentication | ||
|
||
Alertmanager supports basic authentication and TLS. | ||
This is **experimental** and might change in the future. | ||
|
||
Currentlu TLS is only supported for the HTTP traffic. Gossip traffic does not | ||
support encryption yet. | ||
|
||
To specify which web configuration file to load, use the `--web.config.file` flag. | ||
|
||
The file is written in [YAML format](https://en.wikipedia.org/wiki/YAML), | ||
defined by the scheme described below. | ||
Brackets indicate that a parameter is optional. For non-list parameters the | ||
value is set to the specified default. | ||
|
||
The file is read upon every http request, such as any change in the | ||
configuration and the certificates is picked up immediately. | ||
|
||
Generic placeholders are defined as follows: | ||
|
||
* `<boolean>`: a boolean that can take the values `true` or `false` | ||
* `<filename>`: a valid path in the current working directory | ||
* `<secret>`: a regular string that is a secret, such as a password | ||
* `<string>`: a regular string | ||
|
||
``` | ||
tls_server_config: | ||
# Certificate and key files for server to use to authenticate to client. | ||
cert_file: <filename> | ||
key_file: <filename> | ||
# Server policy for client authentication. Maps to ClientAuth Policies. | ||
# For more detail on clientAuth options: | ||
# https://golang.org/pkg/crypto/tls/#ClientAuthType | ||
[ client_auth_type: <string> | default = "NoClientCert" ] | ||
# CA certificate for client certificate authentication to the server. | ||
[ client_ca_file: <filename> ] | ||
# Minimum TLS version that is acceptable. | ||
[ min_version: <string> | default = "TLS12" ] | ||
# Maximum TLS version that is acceptable. | ||
[ max_version: <string> | default = "TLS13" ] | ||
# List of supported cipher suites for TLS versions up to TLS 1.2. If empty, | ||
# Go default cipher suites are used. Available cipher suites are documented | ||
# in the go documentation: | ||
# https://golang.org/pkg/crypto/tls/#pkg-constants | ||
[ cipher_suites: | ||
[ - <string> ] ] | ||
# prefer_server_cipher_suites controls whether the server selects the | ||
# client's most preferred ciphersuite, or the server's most preferred | ||
# ciphersuite. If true then the server's preference, as expressed in | ||
# the order of elements in cipher_suites, is used. | ||
[ prefer_server_cipher_suites: <bool> | default = true ] | ||
# Elliptic curves that will be used in an ECDHE handshake, in preference | ||
# order. Available curves are documented in the go documentation: | ||
# https://golang.org/pkg/crypto/tls/#CurveID | ||
[ curve_preferences: | ||
[ - <string> ] ] | ||
http_server_config: | ||
# Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. | ||
# This can not be changed on the fly. | ||
[ http2: <boolean> | default = true ] | ||
# Usernames and hashed passwords that have full access to the web | ||
# server via basic authentication. If empty, no basic authentication is | ||
# required. Passwords are hashed with bcrypt. | ||
basic_auth_users: | ||
[ <string>: <secret> ... ] | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
28 changes: 28 additions & 0 deletions
28
vendor/github.com/prometheus/common/config/http_config.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
11 changes: 11 additions & 0 deletions
11
vendor/github.com/prometheus/common/expfmt/text_parse.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.