Node Exporter Basic Auth (docker-compose)

Question

I want to set up node exporter on my server to be monitored using docker compose but do not want the metrics to be freely available to all.

My current docker-compose.yml file looks like this;

version: '3.8'

networks:
  monitoring:
    driver: bridge

volumes:
  prometheus_data: {}

services:
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: unless-stopped
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
      - '--collector.netclass.ignored-devices=^(veth.*)$$'
    ports:
      - 9100:9100
    networks:
      - monitoring
    labels:
      org.label-schema.group: "monitoring"

When I add the following line to my docker-compose.yml file, I get error message below.

    basic_auth_users:
      prometheus: my_pass

services.node-exporter Additional property basic_auth_users is not allowed.

Can someone please help me where I am making mistakes or how the whole thing would work?

Ps: I would like to install on the server to be monitored only Node-Exporter since a Prometheus instance is not necessary there.... (Correct me if it is wrong approach)

Best regards

Answer 1

Answer:

Your problem is basic_auth_users is not valid sub-element of services element in docker compose file

You could check detail in document of compose file

Solution:

If you want to set basic auth for node-exporter by using image prom/node-exporter:latest in docker-compose, you should mount volume with basic auth config

Example:

docker-compose.yml

version: '3'
services:
  node_exporter:
    image: quay.io/prometheus/node-exporter:latest
    container_name: node_exporter
    command: 
      - "--path.rootfs=/host"
      - "--web.config.file=/etc/prometheus/web.yml"  # --> set config file
    ports:
      - 9100:9100
    pid: host    
    restart: unless-stopped
    volumes:
      - '/:/host:ro,rslave'
      - ./config/web.yml:/etc/prometheus/web.yml # --> mount config file

web.yml

basic_auth_users:
  <your_username>: <your_password>

Another option:

If you prefer to configure basic authentication through environment variables rather than using a mounted volume in docker-compose, you may want to consider using a different image.

I have built an docker image for this option vuongtlt13/node_exporter

Example:

version: '3'
services:
  node_exporter:
    image: vuongtlt13/node_exporter
    container_name: node_exporter
    command:
      - "--path.rootfs=/host"
    ports:
      - 9100:9100
    pid: host
    restart: unless-stopped
    volumes:
      - '/:/host:ro,rslave'
    environment:
      - BASIC_AUTH_USERNAME=admin
      - BASIC_AUTH_PASSWORD=admin