Prometheus should look for Puma metrics in TLS listen address when in use
TLDR: We can't turn off non-https listener of Puma because that is where Prometheus is configured to look for metrics. Further discussion and links in the following thread
The following discussion from !6004 (merged) should be addressed:
-
@rmarshall started a discussion: (+3 comments) @balasankarc and I had a conversation yesterday for exit criteria to get this merged.
- Today's default does not change
- SSL can be enabled, and workhorse works as expected
- NICE TO HAVE: SSL can be enabled and default can be disabled without issues
I think both @balasankarc and I have confirmed all of the above are working with the latest set of patches.
We probably need to open a documentation merge request somewhere to note how to turn off non-SSL and UNIX socket for administrators wanting to go for maximum lockdown on their installation.
@stanhu - you can probably pull this out of Draft mode unless you have a few other items you want to tinker with before we proceed with the final look through?