Revision history [back]

To set up HTTPS and Basic Authentication for Alertmanager, follow these steps:

1. Generate SSL/TLS certificates for Alertmanager using a tool like Let’s Encrypt or OpenSSL.

2. Open the Alertmanager configuration file and add the following lines to enable HTTPS:

# Secure the web interface with HTTPS
tls_config:
  cert_file: /path/to/cert.pem
  key_file: /path/to/key.pem

Replace /path/to/cert.pem and /path/to/key.pem with the paths to your SSL/TLS certificate and key files.

1. Install basic-auth plugin for Alertmanager by running this command:

$ go get -u github.com/prometheus/alertmanager/cmd/amtool

1. Run the following command to create an Auth file:

$ echo "myUser:$(openssl passwd -apr1)" > /path/to/alertmanager/htpasswd 

Replace myUser with the desired username.

1. Add the following lines to the Alertmanager configuration file to enable basic authentication:

# Authenticate users with HTTP basic authentication
route:
  receiver: 'slack'
  group_by: ['alertname']
  group_wait: 30s
  group_interval: 5m
  repeat_interval: 30m
  routes:
  - match:
      alertname: DeadMansSwitch
    receiver: team-X-mails
    continue: true
    authentication:
      basic_auth:
        usersfile: /path/to/alertmanager/htpasswd

Replace /path/to/alertmanager/htpasswd with the path to the Auth file created in step 4.

1. Restart the Alertmanager service to apply the changes.

Now, when users access the Alertmanager web interface, they will be prompted to enter their username and password for authentication, and all communication will be secured over HTTPS.