The YAML parsing error is simply saying that under "http_server_config",
you cannot put "Strict-Transport-Security".
The documentation says that the only keys allowed under
"http_server_config" are "http2" and "headers". So it needs to be like this:
http_server_config:
headers:
Strict-Transport-Security: <string>
On Wednesday 17 January 2024 at 15:43:06 UTC+8 Alexander Wilke wrote:
> Hello,
>
> I am running:
>
> node_exporter, version 1.7.0 (branch: HEAD, revision:
> 7333465abf9efba81876303bb57e6fadb946041b)
> build date: 20231112-23:53:35
> go version: go1.21.4
> platform: linux/amd64
> tags: netgo osusergo static_build
>
>
>
> Vulnerability scan complained that HSTS is not enabled so I wanted to
> enable it:
>
> tls_server_config:
> cert_file: "/opt/node_exporter/node_exporter.pem"
> key_file: "/opt/node_exporter/node_exporter.key"
>
> min_version: "TLS12"
> max_version: "TLS13"
>
> client_auth_type: "NoClientCert"
>
> basic_auth_users:
> userxxxx: 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
>
> http_server_config:
> Strict-Transport-Security: max-age=31536000 # 1 year
>
>
> Unfortunately I get this error:
>
> node_exporter: ts=2024-01-17T07:30:04.483Z caller=node_exporter.go:223
> level=error err="yaml: unmarshal errors:\n line 14: field
> Strict-Transport-Security not found in type web.HTTPConfig"
> systemd: node_exporter.service: main process exited, code=exited,
> status=1/FAILURE
>
>
> I tried to configure it based on this documentation:
> https://prometheus.io/docs/prometheus/latest/configuration/https/
>
> probably I need the other parameters, too like:
> Strict-Transport-Security: max-age=<expire-time>; includeSubDomains;
> preload
> How to get this working?
>
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/prometheus-users/dd0e574e-e515-421c-881a-1af7e297e468n%40googlegroups.com.
