Getting Discourse to see the Prometheus server IP

Thanks!

Enabled cloudflare.template.yml. :slight_smile: But if I understand correctly, That was just to disable rate limiting on traffic coming from cloudflare’s IP addresses.

For now, This is what my prometheus config looks like,

scrape_configs:
        - job_name: forum
          scrape_interval: 5s
          scheme: https
          static_configs:
                  - targets:
                          - forum-behind-cloudflare-dns-proxy.com

Now, The issue I am facing is, Discourse doesn’t get to see the actual IP address of a request. So, For the allow list approach to work, I have tried this.

  1. Added my prometheus server’s IPv6 address to the DISCOURSE_PROMETHEUS_TRUSTED_IP_WHITELIST_REGEX env variable in app.yml.

  2. Hard coded forum’s actual IPv6 address in /etc/hosts on the prometheus server. Now, The forum can see the IP address of my prometheus server and allow access to it. :slight_smile:

I still have some other problems, Like, I am running prometheus in a container. `/etc/hosts/ from host is not shared inside the container. So, It keeps resolving forum address to a cloudflare IP and fails during authentication.

I can share /etc/hosts from host in docker container like, -v /etc/hosts:/etc/hosts while starting up prometheus but that results in a error like,

Get "https://forum-behind-cloudflare-dns-proxy.com:443/metrics": dial tcp [<ipv6-address>]:443: connect: cannot assign requested address

Now, I just have to resolve this problem.

Edit #1: Figured this out as well. IPv6 was disabled inside docker container. I can fix it by enabling IPv6 in docker container or just --net=host.