Thanks Brian Candler for your reply.
We want to test the target url itself working. Here is my job and Blackbox
configuration. Please suggest
- job_name: 'blackbox'
honor_timestamps: true
scrape_interval: 1m
scrape_timeout: 10s
metrics_path: "/probe"
scheme: http
tls_config:
insecure_skip_verify: true
params:
module: [http_2xx]
static_configs:
- targets: [ '<url>' ]
bearer_token: "xxxxxxxxxx"
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: xxxxxx:9115
http_2xx:
prober: http
timeout: 5s
http:
tls_config:
insecure_skip_verify: True
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
follow_redirects: true
preferred_ip_protocol: "ip4"
On Sunday, June 25, 2023 at 4:32:59 PM UTC+5:30 Brian Candler wrote:
> You can see from wget that your original request is redirected to a second
> URL, which is redirected to a third. Therefore, you have to decide what
> you want to test: do you want to test that the original URL returns a
> redirect? Or do you want to test that the target URL itself is working?
> Those would be different configurations in blackbox_exporter.
>
> > level=info msg="Address does not match first address, not sending TLS
> ServerName" first=IP address=<hostname>
>
> That comes from here:
>
> https://github.com/prometheus/blackbox_exporter/blob/v0.24.0/prober/http.go#L167-L172
> Since the original request caused a redirect, the ServerName isn't set on
> the redirected target.
>
> > wget: server returned error: HTTP/1.1 403 Forbidden
>
> This means you're not authenticating to the target host - which is the
> same as you got from prometheus. You can add extra flags to wget or curl
> to set your bearer token, to check it works.
>
> Once that's working, you said you are setting "bearer token at job level".
> How are you doing this? Please show both the prometheus scrape job config
> and the blackbox exporter config (with the token itself blanked out)?
>
> You shouldn't be setting the bearer token header in the prometheus scrape
> job, because that would be authenticating prometheus to blackbox_exporter.
> Instead you should configure blackbox_exporter to authenticate to the
> target host. This was asked and answered recently:
> https://groups.google.com/g/prometheus-users/c/1Es9Ok9tK-s/m/tuBnU3OPBAAJ
> (you'll need to change the blackbox_exporter config slightly to set a
> bearer token header instead of basic auth)
>
> On Friday, 23 June 2023 at 09:14:55 UTC sri L wrote:
>
>> Hi all,
>>
>> We are trying to use blackbox exporter to monitor one of the URL using
>> http_2xx module and bearer token at job level for authorization, we are
>> receiving following error message and probe failed
>>
>> level=info msg="Address does not match first address, not sending TLS
>> ServerName" first=IP address=<hostname>
>> level=info msg="Invalid HTTP response status code, wanted 2xx"
>> status_code=403
>> level=error msg="Probe failed" duration_seconds=0.231352246
>>
>> Connectivity from prometheus pod
>> /prometheus $ wget -S <URL>
>> Connecting to <URL> (xx.x.xx.x:80)
>> HTTP/1.1 302 Moved Temporarily
>> Date: Fri, 23 Jun 2023 09:07:18 GMT
>> Content-Type: text/html
>> Content-Length: 138
>> Connection: close
>> Location: < <http://jenkins-dev.onedev.neustar.biz/cjoc/teams-check/>
>> URL>
>> Connecting to <URL> (xx.x.xx.x:80)
>> HTTP/1.1 308 Permanent Redirect
>> Date: Fri, 23 Jun 2023 09:07:18 GMT
>> Content-Type: text/html
>> Content-Length: 164
>> Connection: close
>> Location: < <https://jenkins-dev.onedev.neustar.biz/cjoc/teams-check>
>> URL>
>> Connecting to <URL> (xx.x.xx.x:443)
>> wget: note: TLS certificate validation not implemented
>> HTTP/1.1 403 Forbidden
>> wget: server returned error: HTTP/1.1 403 Forbidden
>>
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/3d6fdc3e-bb8d-4f75-a4ca-ba736fa894c5n%40googlegroups.com.
