Blocking /metrics and /health endpoints for Apps by default
I'd also like to track Jellyfin which I love to run as an cloudron App. It comes with pre installed Prometheus endpoint according to the documentation which I'd like to use. The default Cloudron-location for this file is /app/data/jellyfin/config/system.xml
However I dont want to expose this endpoint to the public Internet. Any Ideas how I could prevent this?
If we find a good solution, I think it would be best to have the /metrics and /health endpoints blocked by default because Cloudron-Admins most likely dont want to expose these to the Internet anyway.
@girish would you have an Idea where I could apply such a config change?
Best regards and thanks for the answer in advance 🙂
PS: Will gladly contribute to the Documentation as we found a good solution. I just fell down the rabbit hole to a certain degree in advancing my home-lab more towards a real data-center 🙂
just had the same issue and wanted to add something here as a documentation:
If both Grafana and Prometheus are running as a cloudron-app, you can add Prometheus as a data-source in Grafana by inputting http://<PROMETHEUS-SERVICE-UUID>:9090 in the URL-field where PROMETHEUS-SERVICE-UUID can be found form the prometheus container either by looking up its installation location in the Storage-Tab or by connecting via terminal and copying the hostname.
@staff sounds like something that belongs in the docs 🙂