Add security warnings for -prometheusmetrics option
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
523f969654
commit
d0f468e1ce
|
@ -30,6 +30,12 @@ You can see what each method provides with `zcash-cli help METHOD_NAME`.
|
|||
`zcashd` can optionally expose an HTTP server that acts as a Prometheus scrape
|
||||
endpoint. The server will respond to `GET` requests on any request path.
|
||||
|
||||
Note that HTTPS is not supported, and therefore connections to the endpoint are
|
||||
not encrypted or authenticated. Access to the endpoint should be assumed to
|
||||
compromise the privacy of node operations, by the provided metrics and/or by
|
||||
timing side channels. Enabling the endpoint is **strongly discouraged** if the
|
||||
node has a wallet holding live funds.
|
||||
|
||||
To enable the endpoint, add `-prometheusmetrics=<host_name>:<port>` to your
|
||||
`zcashd` configuration (either in `zcash.conf` or on the command line). After
|
||||
restarting `zcashd` you can then test the endpoint by querying it:
|
||||
|
|
|
@ -354,7 +354,8 @@ std::string HelpMessage(HelpMessageMode mode)
|
|||
strUsage += HelpMessageOpt("-pid=<file>", strprintf(_("Specify pid file (default: %s)"), BITCOIN_PID_FILENAME));
|
||||
#endif
|
||||
strUsage += HelpMessageOpt("-prometheusmetrics=<host_name>:<port>", _("Expose node metrics in the Prometheus exposition format. "
|
||||
"An HTTP listener will be started on the configured hostname and port, which responds to GET requests on any request path."));
|
||||
"An HTTP listener will be started on the configured hostname and port, which responds to GET requests on any request path. "
|
||||
"SECURITY WARNING: this can potentially compromise privacy; read contrib/metrics/README.md before enabling."));
|
||||
strUsage += HelpMessageOpt("-prune=<n>", strprintf(_("Reduce storage requirements by pruning (deleting) old blocks. This mode disables wallet support and is incompatible with -txindex. "
|
||||
"Warning: Reverting this setting requires re-downloading the entire blockchain. "
|
||||
"(default: 0 = disable pruning blocks, >%u = target size in MiB to use for block files)"), MIN_DISK_SPACE_FOR_BLOCK_FILES / 1024 / 1024));
|
||||
|
|
Loading…
Reference in New Issue