Skip to content

Example Configs

The repository ships a set of ready-to-run config files under examples/. Each is shown below verbatim. For the full set of options see Agent Configuration and Proxy Configuration.

Precedence

Config files are the lowest-precedence source: CLI args → env vars → config file → built-in defaults. See the CLI Reference.

Self-monitoring — simple.conf

Enables admin and metrics on both components and points the agent at the proxy's and agent's own /metrics endpoints, so the proxy and agent monitor themselves. A good first run on a single host.

proxy {
  admin.debugEnabled = false

  admin.enabled: true
  metrics.enabled: true

  http.requestLoggingEnabled: true
}

agent {

  proxy.hostname = localhost
  admin.enabled: true
  metrics.enabled: true

  pathConfigs: [
    {
      name: "Proxy metrics"
      path: proxy_metrics
      labels: "{\"key1\": \"value1\", \"key2\": 2}"
      url: "http://localhost:8082/metrics"
      //url: "http://"${?HOSTNAME}":8082/metrics"
    }
    {
      name: "Agent metrics"
      path: agent_metrics
      labels: "{\"key3\": \"value3\", \"key4\": 4}"
      url: "http://localhost:8083/metrics"
      //url: "http://"${?HOSTNAME}":8083/metrics"
    }
  ]
}

Run it with:

java -jar prometheus-proxy.jar --config examples/simple.conf
java -jar prometheus-agent.jar  --config examples/simple.conf

Multiple application endpoints — myapps.conf

Three application endpoints, each on its own proxy path and tagged with custom labels. This is the typical shape of a real agent config.

agent {
  pathConfigs: [
    {
      name: "App1 metrics"
      path: app1_metrics
      labels: "{\"key1\": \"value1\", \"key2\": 2}"
      url: "http://app1.local:9100/metrics"
    },
    {
      name: "App2 metrics"
      path: app2_metrics
      labels: "{\"key3\": \"value3\", \"key4\": 4}"
      url: "http://app2.local:9100/metrics"
    },
    {
      name: "App3 metrics"
      path: app3_metrics
      labels: "{\"key5\": \"value5\", \"key6\": 6}"
      url: "http://app3.local:9100/metrics"
    }
  ]
}

Prometheus then scrapes /app1_metrics, /app2_metrics, and /app3_metrics from the proxy. See the Quick Start.

Prometheus federation — federate.conf

Pulls metrics from an existing Prometheus server through its /federate endpoint, exposing them on a proxy path. See Prometheus Federation.

agent {
  pathConfigs: [
    {
      name: "Federate metrics"
      path: federate_metrics
      url: "http://prometheus:9090/federate?match[]={job=~'.*'}"
    },
    {
      name: "Agent metrics"
      path: agent_metrics
      url: "http://localhost:8083/metrics"
    }
  ]
}

Server-only TLS — tls-no-mutual-auth.conf

Encrypts the gRPC channel with a server certificate; the agent verifies the proxy but does not present a client certificate. Note the non-default agent port 50440 and the overrideAuthority used to match the test fixture's SAN.

proxy {

  agent.port = 50440

  tls {
    certChainFilePath = "testing/certs/server1.pem"       // Server certificate chain file path
    privateKeyFilePath = "testing/certs/server1.key"      // Server private key file path
    trustCertCollectionFilePath = ""                      // Trust certificate collection file path
  }
}

agent {

  proxy {
    hostname = "localhost"                                // Proxy hostname
    port = 50440                                          // Proxy port
  }

  http {
    enableTrustAllX509Certificates = true
  }

  // Only trustCertCollectionFilePath is required on the client with TLS (no mutual authentication)
  tls {
    overrideAuthority = "foo.test.google.fr"              // Override authority (for testing only)
    certChainFilePath = ""                                // Client certificate chain file path
    privateKeyFilePath = ""                               // Client private key file path
    trustCertCollectionFilePath = "testing/certs/ca.pem"  // Trust certificate collection file path
  }
}

Mutual TLS — tls-with-mutual-auth.conf

Both sides present certificates: the proxy trusts the client CA and the agent supplies its own certChainFilePath / privateKeyFilePath. This is the recommended production posture.

proxy {

  agent.port = 50440

  tls {
    certChainFilePath = "testing/certs/server1.pem"       // Server certificate chain file path
    privateKeyFilePath = "testing/certs/server1.key"      // Server private key file path
    trustCertCollectionFilePath = "testing/certs/ca.pem"  // Trust certificate collection file path
  }
}

agent {

  proxy {
    hostname = "localhost"                                // Proxy hostname
    port = 50440                                          // Proxy port
  }

  // Only trustCertCollectionFilePath is required on the client with TLS (with mutual authentication)
  tls {
    overrideAuthority = "foo.test.google.fr"              // Override authority (for testing only)
    certChainFilePath = "testing/certs/client.pem"        // Client certificate chain file path
    privateKeyFilePath = "testing/certs/client.key"       // Client private key file path
    trustCertCollectionFilePath = "testing/certs/ca.pem"  // Trust certificate collection file path
  }
}

See TLS Setup for generating certificates and the full TLS option set.