GameServerWeb.Plugs.MetricsAuth (game_server_web v1.0.940)

Copy Markdown

Authentication for the /metrics endpoint.

Access rules (checked in order):

  1. Private/local IPs — always allowed without auth. Covers Docker internal networks (172.x, 10.x, 192.168.x), localhost (127.x), and IPv6 loopback (::1). This means Prometheus running in the same docker-compose can always scrape /metrics.

  2. Bearer token — if METRICS_AUTH_TOKEN is set, external requests must include Authorization: Bearer <token>.

  3. No token configured — all requests are allowed (dev default).

Configuration

# In production — set this to restrict external access
METRICS_AUTH_TOKEN=my-secret-prometheus-token

Prometheus scrape config with token:

scrape_configs:
  - job_name: "gamend"
    bearer_token: "my-secret-prometheus-token"
    static_configs:
      - targets: ["app:4000"]