Logo / Docs

Prometheus Setup

Prometheus Setup

Available since 1.26.0

Prometheus is a tool to monitor metrics and setup alerts in the case that some metric has responded negatively for an extended period.

The following types of gauges are currently available.

  • JVM Buffers - A set of gauges for the count, usage, and capacity of the JVM’s direct and mapped buffer pools.
  • JVM class loading - A set of gauges for JVM classloader usage.
  • JVM garbage collection - A set of gauges for the counts and elapsed times of garbage collections.
  • JVM memory - A set of gauges for JVM memory usage, including stats on heap vs non-heap memory.
  • JVM threads - A set of gauges for the number of threads in their various states and deadlock detection.
  • Other JVM attributes - A Gauge implementation which queries an MBeanServerConnection for an attribute of an object.

Setup

Setting this up with FusionAuth is easy. To monitor FusionAuth with Prometheus, point your Prometheus server to the FusionAuth Prometheus endpoints. Below is an example of Prometheus configuration for a FusionAuth instance running locally on the docker host. You can reach the host via the host.docker.internal hostname on MacOS and Windows.

These instructions are for monitoring FusionAuth with Prometheus when you are self-hosting.

FusionAuth Cloud deployments with more than one compute node round-robin requests to the Prometheus endpoint. Using this endpoint to monitor such a deployment is not recommended.

Learn more about this issue here.

Configuration

The Prometheus endpoint is configured with the YAML file. Learn more about the Prometheus configuration.

Prometheus does not provide functionality to authenticate using custom HTTP headers.

To authenticate, use basic auth. Use the value apikey as the username and an API key as the password. The API key must have GET permission for the /api/prometheus/metrics endpoint. Refer to the Authentication document for more details about API keys.

If you prefer to allow unauthenticated access to this endpoint from local scrapers, you may set fusionauth-app.local-metrics.enabled=true. See the configuration reference for more info.

All other configuration in the YAML file is standard Prometheus scrape_config configuration.

Sample prometheus.yaml

scrape_configs:
  - job_name: FusionAuth
    scrape_interval: 60s
    scheme: https
    metrics_path: api/prometheus/metrics
    static_configs:
      - targets: ['local.fusionauth.io']
    basic_auth:
      username: "apikey"
      password: "Jw4cGzKpzxcEsqnqFKw3m7jUvgeS-jtUvn8B0TDBxgQ="

Start Prometheus:

docker run -v $(pwd)/prometheus.yaml:/etc/prometheus/prometheus.yml -p 9090:9090 prom/prometheus

Your Prometheus dashboard will look something like this.

Prometheus Graph View