I'm running a software development company and we're looking to enhance our observability as we take on more complex projects. Currently, we manage a Symfony application, a vanilla PHP application, and a Django application, all hosted on different VPS instances. I'm trying to figure out how to securely collect the application logs, metrics, and traces. I get that we usually have a /metrics route for logs, but how do we protect that? Has anyone used Tailscale to unite their applications with their Grafana/Prometheus stack? If not, what are the best practices for ensuring the secure collection of metrics in my setup? Any insights would be much appreciated, as I'm quite new to this!
1 Answer
A common approach is to put your applications behind a reverse proxy like Traefik or HAProxy, so that the actual servers aren't exposed directly to the internet. This means that endpoints for observability can be secured behind a firewall. Additionally, utilizing TLS and appropriate authentication methods is crucial.

Thanks for the info! But how would firewall rules help if my services are across different VPSs? Wouldn't that prevent Prometheus from scraping the metrics since it needs public access?
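As an added example that is not part of the answer above or the asker's setup, here is what the "reverse proxy in front, allow-list plus authentication on the metrics endpoint, TLS on the scrape" approach looks like in config, and how it also answers the follow-up: with Tailscale, Prometheus reaches each VPS over the tailnet address, so the endpoint never needs to be reachable from the public internet at all. The hostnames, file paths, entry-point name and backend port are assumptions; the middleware names are Traefik v3 (`ipAllowList` was `ipWhiteList` in v2), and 100.64.0.0/10 is the CGNAT range Tailscale assigns node addresses from.

```yaml
# --- Traefik v3 dynamic configuration on each application VPS ---
# File-provider fragment, e.g. /etc/traefik/dynamic/metrics.yml (path is an assumption).
http:
  routers:
    app-metrics:
      # Only the /metrics path gets this router; the rest of the app keeps its normal router.
      rule: "Host(`app1.example.internal`) && Path(`/metrics`)"
      entryPoints:
        - websecure          # assumed name of the :443 entry point in the static config
      middlewares:
        - metrics-allowlist  # evaluated first: drop anything not arriving over the tailnet
        - metrics-auth       # then require credentials even for tailnet peers
      service: app-backend
      tls: {}

  middlewares:
    metrics-allowlist:
      ipAllowList:
        sourceRange:
          - "100.64.0.0/10"  # Tailscale node addresses; public-internet sources get 403
    metrics-auth:
      basicAuth:
        # Create the file with: htpasswd -nB prometheus >> /etc/traefik/metrics.htpasswd
        usersFile: /etc/traefik/metrics.htpasswd

  services:
    app-backend:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:8000"  # app bound to localhost only; Traefik is the only way in

---
# --- Prometheus scrape configuration on the Grafana/Prometheus VPS ---
# app1/app2/app3.example.internal are assumed to resolve (MagicDNS or /etc/hosts) to tailnet IPs.
scrape_configs:
  - job_name: apps
    scheme: https
    metrics_path: /metrics
    basic_auth:
      username: prometheus
      password_file: /etc/prometheus/metrics.password  # same secret as the htpasswd entry
    tls_config:
      ca_file: /etc/prometheus/internal-ca.crt  # CA that issued the app hosts' certs (assumption)
    static_configs:
      - targets:
          - app1.example.internal:443
          - app2.example.internal:443
          - app3.example.internal:443
```

Two points worth checking in your own deployment: `ipAllowList` matches on the TCP peer address by default and ignores `X-Forwarded-For` unless you configure an `ipStrategy`, which is exactly what you want here, since a public client could otherwise spoof a 100.x address in a header. And the allow-list alone would let any device on your tailnet scrape the apps, which is why the basic-auth middleware sits behind it; if you later put node_exporter or other exporters on these hosts, give them the same two-layer treatment rather than opening their ports in the VPS firewall.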