Thanks!
Enabled `cloudflare.template.yml`. But if I understand correctly, that was just to disable rate limiting on traffic coming from Cloudflare's IP addresses.
For now, this is what my Prometheus config looks like:
```yaml
scrape_configs:
  - job_name: forum
    scrape_interval: 5s
    scheme: https
    static_configs:
      - targets:
          - forum-behind-cloudflare-dns-proxy.com
```
Now, the issue I am facing is that Discourse doesn't get to see the actual IP address of a request. So, for the allow list approach to work, I have tried this:

- Added my Prometheus server's IPv6 address to the `DISCOURSE_PROMETHEUS_TRUSTED_IP_WHITELIST_REGEX` env variable in `app.yml`.
- Hard-coded the forum's actual IPv6 address in `/etc/hosts` on the Prometheus server.

Now, the forum can see the IP address of my Prometheus server and allow access to it.
I still have some other problems. For example, I am running Prometheus in a container. `/etc/hosts` from the host is not shared inside the container, so it keeps resolving the forum address to a Cloudflare IP and fails during authentication.
I can share `/etc/hosts` from the host in the Docker container with `-v /etc/hosts:/etc/hosts` while starting up Prometheus, but that results in an error like:
```
Get "https://forum-behind-cloudflare-dns-proxy.com:443/metrics": dial tcp [<ipv6-address>]:443: connect: cannot assign requested address
```
Now, I just have to resolve this problem.
Edit #1: Figured this out as well. IPv6 was disabled inside the Docker container. I can fix it by enabling IPv6 in the Docker container or just `--net=host`.
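
An added example, not part of the original post and not Discourse's own code: a Ruby sketch of building the value for `DISCOURSE_PROMETHEUS_TRUSTED_IP_WHITELIST_REGEX` as an anchored, escaped pattern, compared with a bare address used as the pattern. It assumes the regex is tested against the canonical text form of the client address; `exact_ip_pattern`, `trusted?` and the sample addresses are constructed for illustration.

```ruby
require "ipaddr"

# Build a pattern that matches exactly one address. The address is
# normalised first, so any spelling of the same IPv6 address (upper case,
# leading zeros, uncompressed) yields the same pattern.
def exact_ip_pattern(addr)
  canonical = IPAddr.new(addr).to_s # compressed, lower-case form
  "\\A#{Regexp.escape(canonical)}\\z"
end

# Assumption: the allowlist regex is matched against the textual form of
# the client address. This helper is hypothetical, not the plugin's code.
def trusted?(pattern, client_addr)
  Regexp.new(pattern).match?(IPAddr.new(client_addr).to_s)
end

# Constructed sample address from the IPv6 documentation range.
PROMETHEUS_ADDR = "2001:0DB8:0000:0000:0000:0000:0000:0001"

LOOSE  = "2001:db8::1"                     # bare address used as a regex
STRICT = exact_ip_pattern(PROMETHEUS_ADDR) # \A2001:db8::1\z

# Constructed client addresses: the scraper itself, then two neighbours
# that merely contain the scraper's address as a substring.
CLIENTS = ["2001:db8::1", "2001:db8::1f", "2001:db8::1:2"].freeze

CLIENTS.each do |client|
  puts format("%-15s loose=%-5s strict=%s",
              client, trusted?(LOOSE, client), trusted?(STRICT, client))
end

# The same problem in IPv4: an unescaped "." matches any character, so
# the bare pattern 192.0.2.1 also accepts 192.0.201.5.
puts trusted?("192.0.2.1", "192.0.201.5")
puts trusted?(exact_ip_pattern("192.0.2.1"), "192.0.201.5")
```
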