{"id":13583969,"url":"https://github.com/pambrose/prometheus-proxy","last_synced_at":"2026-02-16T02:44:18.169Z","repository":{"id":20349954,"uuid":"87608617","full_name":"pambrose/prometheus-proxy","owner":"pambrose","description":"Prometheus Proxy","archived":false,"fork":false,"pushed_at":"2025-03-18T06:37:46.000Z","size":46268,"stargazers_count":147,"open_issues_count":4,"forks_count":24,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-18T07:35:27.863Z","etag":null,"topics":["grpc","kotlin","prometheus","prometheus-proxy"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pambrose.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"License.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-08T04:45:11.000Z","updated_at":"2025-03-12T00:33:15.000Z","dependencies_parsed_at":"2023-01-12T03:30:33.325Z","dependency_job_id":"fcf62826-3d89-4b28-acaf-09960473835b","html_url":"https://github.com/pambrose/prometheus-proxy","commit_stats":null,"previous_names":[],"tags_count":66,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pambrose%2Fprometheus-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pambrose%2Fprometheus-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pambrose%2Fprometheus-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pambrose%2Fprometheus-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/owners/pambrose","download_url":"https://codeload.github.com/pambrose/prometheus-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247557059,"owners_count":20958036,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["grpc","kotlin","prometheus","prometheus-proxy"],"created_at":"2024-08-01T15:03:55.928Z","updated_at":"2026-02-16T02:44:18.164Z","avatar_url":"https://github.com/pambrose.png","language":"Kotlin","funding_links":[],"categories":["Kotlin"],"sub_categories":[],"readme":"[![JitPack](https://jitpack.io/v/pambrose/prometheus-proxy.svg)](https://jitpack.io/#pambrose/prometheus-proxy)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/422df508473443df9fbd8ea00fdee973)](https://app.codacy.com/gh/pambrose/prometheus-proxy/dashboard)\n[![Kotlin](https://img.shields.io/badge/%20language-Kotlin-red.svg)](https://kotlinlang.org/)\n[![ktlint](https://img.shields.io/badge/ktlint%20code--style-%E2%9D%A4-FF4081)](https://pinterest.github.io/ktlint/)\n\n# Prometheus Proxy\n\n[Prometheus](https://prometheus.io) is an excellent systems monitoring and alerting toolkit, which uses a pull model for\ncollecting metrics. 
The pull model is problematic when a firewall separates a Prometheus server and its metrics\nendpoints.\n\n[Prometheus Proxy](https://github.com/pambrose/prometheus-proxy) enables Prometheus to scrape metrics endpoints running\nbehind a firewall and preserves the native pull-based model architecture.\n\n## Table of Contents\n\n- [Architecture](#-architecture)\n- [Quick Start](#-quick-start)\n- [Building from Source](#-building-from-source)\n- [Configuration Examples](#-configuration-examples)\n- [Docker Usage](#-docker-usage)\n- [Advanced Features](#-advanced-features)\n- [Monitoring \u0026 Observability](#-monitoring--observability)\n- [Configuration Options](#-configuration-options)\n- [Security \u0026 TLS](#-security--tls)\n- [Troubleshooting](#-troubleshooting)\n- [License](#-license)\n\n## 🏗️ Architecture\n\nThe `prometheus-proxy` runtime comprises two services:\n\n* `proxy`: runs in the same network domain as Prometheus server (outside the firewall) and proxies calls from Prometheus\n  to the `agent` behind the firewall.\n* `agent`: runs in the same network domain as all the monitored hosts/services/apps (inside the firewall). It maps the\n  scraping queries coming from the `proxy` to the actual `/metrics` scraping endpoints of the hosts/services/apps.\n\nPrometheus Proxy solves the firewall problem by using a persistent gRPC connection initiated from inside the firewall.\nHere's a simplified network diagram of how the deployed `proxy` and `agent` work:\n\n![Architecture Diagram](https://github.com/pambrose/prometheus-proxy/raw/master/docs/prometheus-proxy.png)\n\nEndpoints running behind a firewall require a `prometheus-agent` (the agent) to be run inside the firewall. An agent can\nrun as a stand-alone server, embedded in another java server, or as a java agent. Agents connect to\na `prometheus-proxy` (the proxy) and register the paths for which they will provide data. 
One proxy can work with one or\nmany\nagents.\n\n### Components\n\n- **🌐 Proxy** - Runs outside the firewall alongside Prometheus\n  - HTTP server (port 8080) - Serves metrics to Prometheus\n  - gRPC server (port 50051) - Accepts agent connections\n  - Service discovery support for dynamic targets\n\n- **🔗 Agent** - Runs inside the firewall with monitored services\n  - Connects to proxy via gRPC (outbound connection only)\n  - Scrapes local metrics endpoints\n  - Registers available paths with proxy\n\n### Key Benefits\n\n- ✅ **Firewall-friendly** - Only requires outbound connection from agent\n- ✅ **Preserves pull model** - Prometheus continues to pull as normal\n- ✅ **High performance** - Built with Kotlin coroutines and gRPC\n- ✅ **Secure** - Optional TLS with mutual authentication\n- ✅ **Scalable** - One proxy supports many agents\n- ✅ **Zero changes** to existing Prometheus configuration patterns\n\n## 🚀 Quick Start\n\n**Requirements:** Java 17 or newer\n\n### CLI Quick Start\n\n1. Download the latest proxy and agent JAR files from [releases](https://github.com/pambrose/prometheus-proxy/releases)\n\n2. Start the **proxy** (runs outside the firewall with Prometheus):\n   ```bash\n   java -jar prometheus-proxy.jar\n   ```\n\n3. Start the **agent** (runs inside the firewall with your services):\n   ```bash\n   java -jar prometheus-agent.jar \\\n     -Dagent.proxy.hostname=mymachine.local \\\n     --config https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/myapps.conf\n\n   # or use --proxy option\n   java -jar prometheus-agent.jar \\\n     --proxy mymachine.local \\\n     --config https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/myapps.conf\n   ```\n\n4. Configure Prometheus to scrape from the proxy at `http://mymachine.local:8080`\n\n5. 
Verify it works with:\n   ```bash\n   curl -s http://mymachine.local:8080/app1_metrics | head\n\n   # or, if SD is enabled\n   curl -s http://mymachine.local:8080/discovery | jq '.'\n   ```\n\n### 🛠️ Building from Source\n\nIf you prefer to build the project from source:\n\n1. Clone the repository:\n   ```bash\n   git clone https://github.com/pambrose/prometheus-proxy.git\n   cd prometheus-proxy\n   ```\n\n2. Build the fat JARs:\n   ```bash\n   ./gradlew shadowJar\n   ```\n\n3. The JARs will be available in `build/libs/`:\n  - `build/libs/prometheus-proxy.jar`\n  - `build/libs/prometheus-agent.jar`\n\n### Docker Quick Start\n\n```bash\n# Start proxy\ndocker run --rm -p 8080:8080 -p 50051:50051 pambrose/prometheus-proxy:3.0.0\n\n# Start agent\ndocker run --rm \\\n  --env AGENT_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \\\n  pambrose/prometheus-agent:3.0.0\n```\n\n## 📋 Configuration Examples\n\n### Agent Configuration\n\nIf the prometheus-proxy were running on a machine named *mymachine.local* and the\n`agent.pathConfigs` value in\nthe [myapps.conf](https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/myapps.conf)\nconfig file had the contents:\n\n```hocon\nagent {\n  pathConfigs: [\n    {\n      name: \"App1 metrics\"\n      path: app1_metrics\n      labels: \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": 2}\"\n      url: \"http://app1.local:9100/metrics\"\n    },\n    {\n      name: \"App2 metrics\"\n      path: app2_metrics\n      labels: \"{\\\"key3\\\": \\\"value3\\\", \\\"key4\\\": 4}\"\n      url: \"http://app2.local:9100/metrics\"\n    },\n    {\n      name: \"App3 metrics\"\n      path: app3_metrics\n      labels: \"{\\\"key5\\\": \\\"value5\\\", \\\"key6\\\": 6}\"\n      url: \"http://app3.local:9100/metrics\"\n    }\n  ]\n}\n```\n\nthen the *prometheus.yml* scrape_config would target the three apps with:\n\n* http://mymachine.local:8080/app1_metrics\n* 
http://mymachine.local:8080/app2_metrics\n* http://mymachine.local:8080/app3_metrics\n\nIf the endpoints were restricted with basic auth/bearer authentication, you could either include the basic-auth\ncredentials in the URL with `http://user:pass@hostname/metrics` or configure them with `basic_auth`/\n`bearer_token` in the scrape config.\n\n### Corresponding Prometheus Configuration\n\nThe `prometheus.yml` file would include:\n\n```yaml\nscrape_configs:\n  - job_name: 'app1 metrics'\n    metrics_path: '/app1_metrics'\n    bearer_token: 'eyJ....hH9rloA'\n    static_configs:\n      - targets: [ 'mymachine.local:8080' ]\n  - job_name: 'app2 metrics'\n    metrics_path: '/app2_metrics'\n    basic_auth:\n      username: 'user'\n      password: 's3cr3t'\n    static_configs:\n      - targets: [ 'mymachine.local:8080' ]\n  - job_name: 'app3 metrics'\n    metrics_path: '/app3_metrics'\n    static_configs:\n      - targets: [ 'mymachine.local:8080' ]\n```\n\n## 🐳 Docker Usage\n\n### Multi-Platform Images\n\nThe docker images support multiple architectures (amd64, arm64, s390x):\n\n```bash\ndocker pull pambrose/prometheus-proxy:3.0.0\ndocker pull pambrose/prometheus-agent:3.0.0\n```\n\n### Production Docker Setup\n\nStart a proxy container with:\n\n```bash\n# Proxy with admin and metrics enabled\ndocker run -p 8082:8082 -p 8092:8092 -p 50051:50051 -p 8080:8080 \\\n        --env ADMIN_ENABLED=true \\\n        --env METRICS_ENABLED=true \\\n        --restart unless-stopped \\\n        pambrose/prometheus-proxy:3.0.0\n```\n\nStart an agent container with:\n\n```bash\n# Agent with remote config file\ndocker run -p 8083:8083 -p 8093:8093 \\\n        --env AGENT_CONFIG='https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf' \\\n        --restart unless-stopped \\\n        pambrose/prometheus-agent:3.0.0\n```\n\nOr use docker-compose: see `etc/compose/proxy.yml` for a working example.\n\nUsing the config\nfile 
[simple.conf](https://raw.githubusercontent.com/pambrose/prometheus-proxy/master/examples/simple.conf), the proxy\nand the agent metrics would be available from the proxy on *localhost* at:\n\n* http://localhost:8082/proxy_metrics\n* http://localhost:8083/agent_metrics\n\nIf you want to use a local config file with a docker container (instead of the above HTTP-served config file), use the\ndocker [mount](https://docs.docker.com/storage/bind-mounts/) option. Assuming the config file `prom-agent.conf`\nis in your current directory, run an agent container with:\n\n```bash\n# Agent with local config file\ndocker run --rm -p 8083:8083 -p 8093:8093 \\\n    --mount type=bind,source=\"$(pwd)\"/prom-agent.conf,target=/app/prom-agent.conf \\\n    --env AGENT_CONFIG=prom-agent.conf \\\n    pambrose/prometheus-agent:3.0.0\n```\n\n**Note:** The `WORKDIR` of the proxy and agent images is `/app`, so make sure to use `/app` as the base directory in the\ntarget for `--mount` options.\n\n## ⚙️ Advanced Features\n\n### Embedded Agent\n\nIf you are running a JVM-based program, you can run with the agent embedded directly in your app and not use an external\nagent. 
This approach eliminates the need for a separate agent process when your application already runs on the JVM.\n\n  ```Java\n  // Start embedded agent\n  EmbeddedAgentInfo agentInfo = startAsyncAgent(\"configFile.conf\", true);\n\n  // Your application code runs here\n  // The agent runs in the background and does not block your application\n\n  // Shutdown the agent when the application terminates\n  agentInfo.close();\n  ```\n\n### Service Discovery\n\nEnable Prometheus service discovery support:\n\n```bash\njava -jar prometheus-proxy.jar \\\n  --sd_enabled \\\n  --sd_path discovery \\\n  --sd_target_prefix http://proxy-host:8080/\n```\n\nAccess discovery endpoint at: `http://proxy-host:8080/discovery`\n\n### Performance Tuning\n\nConfigure concurrent scraping:\n\n```bash\njava -jar prometheus-agent.jar \\\n  --max_concurrent_clients 5 \\\n  --client_timeout_secs 30 \\\n  --config myconfig.conf\n```\n\n## 📊 Monitoring \u0026 Observability\n\n### Built-in Metrics\n\nBoth proxy and agent expose their own metrics:\n\n- **Proxy metrics:** `http://proxy-host:8082/proxy_metrics`\n- **Agent metrics:** `http://agent-host:8083/agent_metrics`\n- **Admin endpoints:** `http://host:admin-port/ping`, `/healthcheck`, `/version`\n\n## 🔧 Configuration Options\n\nThe proxy and agent use the [Typesafe Config](https://github.com/typesafehub/config) library. 
Configuration values are\nevaluated in order: **CLI options → environment variables → config file values**.\n\nTypesafe Config highlights include:\n\n* support for files in three formats: Java properties, JSON, and a human-friendly JSON\n  superset ([HOCON](https://github.com/typesafehub/config#using-hocon-the-json-superset))\n* config files can be files or urls\n* config values can come from CLI options, environment variables, Java system properties, and/or config files.\n* config files can reference environment variables\n\n**📖 Complete configuration reference:** [**CLI Options \u0026 Environment Variables Reference**](docs/cli-args.md)\n\n### Common Options Summary\n\n| Component | Option             | Env Var                         | Description                                          |\n|:----------|:-------------------|:--------------------------------|:-----------------------------------------------------|\n| **Both**  | `--config, -c`     | `PROXY_CONFIG` / `AGENT_CONFIG` | Path or URL to config file                           |\n| **Both**  | `--admin, -r`      | `ADMIN_ENABLED`                 | Enable admin/health-check endpoints                  |\n| **Both**  | `--metrics, -e`    | `METRICS_ENABLED`               | Enable internal metrics collection                   |\n| **Proxy** | `--port, -p`       | `PROXY_PORT`                    | Port for Prometheus to scrape (Default: 8080)        |\n| **Proxy** | `--agent_port, -a` | `AGENT_PORT`                    | Port for Agents to connect via gRPC (Default: 50051) |\n| **Agent** | `--proxy, -p`      | `PROXY_HOSTNAME`                | Hostname/IP of the Proxy                             |\n\n### Configuration Notes\n\n* **Formats:** Supports HOCON (`.conf`), JSON (`.json`), and Java Properties (`.properties`).\n* **Logging:** Customize with `-Dlogback.configurationFile=/path/to/logback.xml`.\n* **Dynamic Props:** Use `-Dproperty.name=value` for any configuration key.\n* **Keepalives:** See the [gRPC 
keepalive guide](https://grpc.io/docs/guides/keepalive/) for tuning details.\n\n---\n\n## 📝 Examples \u0026 Use Cases\n\n### Common Scenarios\n\n- **🏢 Enterprise environments** - Scrape metrics across firewall boundaries\n- **☁️ Multi-cloud deployments** - Bridge different network segments\n- **🔒 Secure environments** - Monitor internal services without opening inbound ports\n- **🌐 Federation** - Scrape existing Prometheus instances via `/federate` endpoint\n- **🚀 Kubernetes** - Monitor services across clusters or namespaces\n\n### Example Configurations\n\n| Use Case                   | Configuration                                                              |\n|:---------------------------|:---------------------------------------------------------------------------|\n| **Basic setup**            | [`examples/simple.conf`](examples/simple.conf)                             |\n| **Multiple apps**          | [`examples/myapps.conf`](examples/myapps.conf)                             |\n| **TLS (no mutual auth)**   | [`examples/tls-no-mutual-auth.conf`](examples/tls-no-mutual-auth.conf)     |\n| **TLS (with mutual auth)** | [`examples/tls-with-mutual-auth.conf`](examples/tls-with-mutual-auth.conf) |\n| **Prometheus federation**  | [`examples/federate.conf`](examples/federate.conf)                         |\n| **Nginx reverse proxy**    | [`nginx/nginx-proxy.conf`](nginx/nginx-proxy.conf)                         |\n\n### Advanced Use Cases\n\n#### Prometheus Federation\n\nScrape an existing Prometheus instance via the `/federate` endpoint:\n```hocon\nagent.pathConfigs: [{\n  name: \"Federated Prometheus\"\n  path: \"federated_metrics\"\n  url: \"http://prometheus-server:9090/federate?match[]={__name__=~\\\"job:.*\\\"}\"\n}]\n```\n\nThis leverages the existing service discovery features already built into Prometheus.\n\nAnother service discovery example config can be found 
in\n[federate.conf](https://github.com/pambrose/prometheus-proxy/blob/master/examples/federate.conf).\n\n#### Nginx Reverse Proxy\n\nTo use with Nginx as a reverse proxy, disable the transport filter on both Proxy and Agent:\n```bash\njava -jar prometheus-proxy.jar --tf_disabled\njava -jar prometheus-agent.jar --tf_disabled --config myconfig.conf\n```\n\nAn example nginx conf file is [here](https://github.com/pambrose/prometheus-proxy/blob/master/nginx/docker/nginx.conf),\nand an example agent/proxy conf file\nis [here](https://github.com/pambrose/prometheus-proxy/blob/master/nginx/nginx-proxy.conf)\n\n**⚠️ Note:** With `transportFilterDisabled`, agent disconnections aren't immediately detected. Agent contexts on the\nproxy\nare removed after inactivity timeout (default: 1 minute, controlled by `proxy.internal.maxAgentInactivitySecs`).\n\n### gRPC Reflection\n\n[gRPC Reflection](https://grpc.io/docs/guides/reflection/) is enabled by default for debugging and tooling.\n\n**Test with [grpcurl](https://github.com/fullstorydev/grpcurl):**\n\n```bash\n# List available services\ngrpcurl -plaintext localhost:50051 list\n\n# Describe a service\ngrpcurl -plaintext localhost:50051 describe io.prometheus.ProxyService\n```\n\nIf you use grpcurl `-plaintext` option, make sure that you run the proxy in plaintext\nmode, i.e., do not define any TLS properties.\n\n**Disable reflection:** Use `--ref_disabled`, `REFLECTION_DISABLED`, or `proxy.reflectionDisabled=true`.\n\n## 🔐 Security \u0026 TLS\n\n### TLS Configuration Details\n\nAgents connect to a proxy using [gRPC](https://grpc.io). gRPC supports TLS with or without mutual authentication. 
The\nnecessary certificate and key file paths can be specified via CLI args, environment variables, and configuration file\nsettings.\n\nThe gRPC docs describe [how to set up TLS](https://github.com/grpc/grpc-java/tree/master/examples/example-tls).\nThe [repo](https://github.com/pambrose/prometheus-proxy/tree/master/testing/certs) includes the certificates and keys\nnecessary to test TLS support.\n\nRunning TLS without mutual authentication requires these settings:\n\n* `certChainFilePath` and `privateKeyFilePath` on the proxy\n* `trustCertCollectionFilePath` on the agent\n\nRunning TLS with mutual authentication requires these settings:\n\n* `certChainFilePath`, `privateKeyFilePath` and `trustCertCollectionFilePath` on the proxy\n* `certChainFilePath`, `privateKeyFilePath` and `trustCertCollectionFilePath` on the agent\n\nRun a proxy and an agent with TLS (with mutual authentication) with:\n\n```bash\n# Proxy with TLS\njava -jar prometheus-proxy.jar \\\n  --cert /path/to/server.crt \\\n  --key /path/to/server.key \\\n  --trust /path/to/ca.crt\n\n# Agent with TLS\njava -jar prometheus-agent.jar \\\n  --config myconfig.conf \\\n  --trust /path/to/ca.crt \\\n  --cert /path/to/client.crt \\\n  --key /path/to/client.key\n```\n\nRun a proxy and an agent with TLS (no mutual authentication) using the included testing certs and keys with:\n\n```bash\njava -jar prometheus-proxy.jar --config examples/tls-no-mutual-auth.conf\n\njava -jar prometheus-agent.jar --config examples/tls-no-mutual-auth.conf\n```\n\nRun a proxy and an agent docker container with TLS (no mutual authentication) using the included testing certs and keys\nwith:\n\n```bash\ndocker run --rm -p 8082:8082 -p 8092:8092 -p 50440:50440 -p 8080:8080 \\\n    --mount type=bind,source=\"$(pwd)\"/testing/certs,target=/app/testing/certs \\\n    --mount type=bind,source=\"$(pwd)\"/examples/tls-no-mutual-auth.conf,target=/app/tls-no-mutual-auth.conf \\\n    --env PROXY_CONFIG=tls-no-mutual-auth.conf \\\n    --env 
ADMIN_ENABLED=true \\\n    --env METRICS_ENABLED=true \\\n    pambrose/prometheus-proxy:3.0.0\n\ndocker run --rm -p 8083:8083 -p 8093:8093 \\\n    --mount type=bind,source=\"$(pwd)\"/testing/certs,target=/app/testing/certs \\\n    --mount type=bind,source=\"$(pwd)\"/examples/tls-no-mutual-auth.conf,target=/app/tls-no-mutual-auth.conf \\\n    --env AGENT_CONFIG=tls-no-mutual-auth.conf \\\n    --env PROXY_HOSTNAME=mymachine.lan:50440 \\\n    --name docker-agent \\\n    pambrose/prometheus-agent:3.0.0\n```\n\n**Note:** The `WORKDIR` of the proxy and agent images is `/app`, so make sure to use `/app` as the base directory in the\ntarget for `--mount` options.\n\n### Auth Header Forwarding\n\nWhen Prometheus scrape configurations include `basic_auth` or `bearer_token`, the proxy forwards the\n`Authorization` header to the agent over the gRPC channel. If TLS is not configured, these credentials\nare transmitted in plaintext and could be intercepted on the network between the proxy and agent.\n\n**Enable TLS when forwarding auth headers:**\n\n```bash\n# Proxy with TLS to protect forwarded credentials\njava -jar prometheus-proxy.jar \\\n  --cert /path/to/server.crt \\\n  --key /path/to/server.key\n\n# Agent with TLS\njava -jar prometheus-agent.jar \\\n  --config myconfig.conf \\\n  --trust /path/to/ca.crt\n```\n\nThe proxy logs a warning on the first request that includes an `Authorization` header when TLS is not enabled.\n\n### Scraping HTTPS Endpoints\n\nDisable SSL verification for agent https endpoints with the `TRUST_ALL_X509_CERTIFICATES` environment var,\nthe `--trust_all_x509` CLI option, or the `agent.http.enableTrustAllX509Certificates` property.\n\nTo scrape HTTPS endpoints with a self-signed certificate:\n\n```bash\njava -jar prometheus-agent.jar --trust_all_x509 --config myconfig.conf\n```\n\n**⚠️ Security Note:** Only use `--trust_all_x509` in development/testing environments.\n\n## 🔧 Troubleshooting\n\n### Common Issues\n\n**Agent can't connect to 
proxy:**\n\n- Verify proxy hostname and port\n- Check firewall rules (agent needs outbound access to proxy port)\n- Ensure proxy is running and listening\n\n**TLS connection failures:**\n\n- Verify certificate paths and file permissions\n- Check certificate validity and chain\n- Ensure clock synchronization between proxy and agent\n\n**Metrics not appearing:**\n\n- Verify agent path configuration matches Prometheus scrape paths\n- Check agent logs for scraping errors\n- Confirm target endpoints are accessible from agent\n\n**Performance issues:**\n\n- Increase `max_concurrent_clients` for high-throughput scenarios\n- Tune HTTP client cache settings\n- Consider running multiple agents for load distribution\n\n## 📄 License\n\nThis project is licensed under the Apache License 2.0 - see [License.txt](License.txt) for details.\n\n## Related Links\n\n* [Prometheus.io](http://prometheus.io)\n* [gRPC](http://grpc.io)\n* [Typesafe Config](https://github.com/carueda/tscfg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpambrose%2Fprometheus-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpambrose%2Fprometheus-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpambrose%2Fprometheus-proxy/lists"}