Home

Awesome

<!-- markdownlint-disable-next-line first-line-h1 -->

OpenSSFScorecard CI FOSSA Status Go Report Card codecov GitHub all releases GitHub release (latest by SemVer) GitHub release (latest SemVer) nginx-prometheus-exporter GitHub go.mod Go version Docker Pulls Docker Image Size (latest semver) Slack Project Status: Active – The project has reached a stable, usable state and is being actively developed.

NGINX Prometheus Exporter

NGINX Prometheus exporter makes it possible to monitor NGINX or NGINX Plus using Prometheus.

<!-- START doctoc generated TOC please keep comment here to allow auto update --> <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

Table of Contents

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

Overview

NGINX exposes a handful of metrics via the stub_status page. NGINX Plus provides a richer set of metrics via the API and the monitoring dashboard. NGINX Prometheus exporter fetches the metrics from a single NGINX or NGINX Plus, converts the metrics into appropriate Prometheus metrics types and finally exposes them via an HTTP server to be collected by Prometheus.

Getting Started

In this section, we show how to quickly run NGINX Prometheus Exporter for NGINX or NGINX Plus.

A Note about NGINX Ingress Controller

If you’d like to use the NGINX Prometheus Exporter with NGINX Ingress Controller for Kubernetes, see this doc for the installation instructions.

Prerequisites

We assume that you have already installed Prometheus and NGINX or NGINX Plus. Additionally, you need to:

Running the Exporter in a Docker Container

To start the exporter we use the docker run command.

Running the Exporter Binary

Note. The nginx-prometheus-exporter is not a daemon. To run the exporter as a system service (daemon), you can follow the example in examples/systemd. Alternatively, you can run the exporter in a Docker container.

Usage

Command-line Arguments

usage: nginx-prometheus-exporter [<flags>]


Flags:
  -h, --[no-]help                Show context-sensitive help (also try --help-long and --help-man).
      --[no-]web.systemd-socket  Use systemd socket activation listeners instead
                                 of port listeners (Linux only). ($SYSTEMD_SOCKET)
      --web.listen-address=:9113 ...
                                 Addresses on which to expose metrics and web interface. Repeatable for multiple addresses. ($LISTEN_ADDRESS)
      --web.config.file=""       Path to configuration file that can enable TLS or authentication. See: https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md ($CONFIG_FILE)
      --web.telemetry-path="/metrics"
                                 Path under which to expose metrics. ($TELEMETRY_PATH)
      --[no-]nginx.plus          Start the exporter for NGINX Plus. By default, the exporter is started for NGINX. ($NGINX_PLUS)
      --nginx.scrape-uri=http://127.0.0.1:8080/stub_status ...
                                 A URI or unix domain socket path for scraping NGINX or NGINX Plus metrics. For NGINX, the stub_status page must be available through the URI. For NGINX Plus -- the API. Repeatable for multiple URIs. ($SCRAPE_URI)
      --[no-]nginx.ssl-verify    Perform SSL certificate verification. ($SSL_VERIFY)
      --nginx.ssl-ca-cert=""     Path to the PEM encoded CA certificate file used to validate the servers SSL certificate. ($SSL_CA_CERT)
      --nginx.ssl-client-cert=""
                                 Path to the PEM encoded client certificate file to use when connecting to the server. ($SSL_CLIENT_CERT)
      --nginx.ssl-client-key=""  Path to the PEM encoded client certificate key file to use when connecting to the server. ($SSL_CLIENT_KEY)
      --nginx.timeout=5s         A timeout for scraping metrics from NGINX or NGINX Plus. ($TIMEOUT)
      --prometheus.const-label=PROMETHEUS.CONST-LABEL ...
                                 Label that will be used in every metric. Format is label=value. It can be repeated multiple times. ($CONST_LABELS)
      --log.level=info           Only log messages with the given severity or above. One of: [debug, info, warn, error]
      --log.format=logfmt        Output format of log messages. One of: [logfmt, json]
      --[no-]version             Show application version.

Exported Metrics

Common metrics

NameTypeDescriptionLabels
nginx_exporter_build_infoGaugeShows the exporter build information.branch, goarch, goos, goversion, revision, tags and version
promhttp_metric_handler_requests_totalCounterTotal number of scrapes by HTTP status code.code (the HTTP status code)
promhttp_metric_handler_requests_in_flightGaugeCurrent number of scrapes being served.[]
go_*MultipleGo runtime metrics.[]

Metrics for NGINX OSS

NameTypeDescriptionLabels
nginx_upGaugeShows the status of the last metric scrape: 1 for a successful scrape and 0 for a failed one[]

Stub status metrics

NameTypeDescriptionLabels
nginx_connections_acceptedCounterAccepted client connections.[]
nginx_connections_activeGaugeActive client connections.[]
nginx_connections_handledCounterHandled client connections.[]
nginx_connections_readingGaugeConnections where NGINX is reading the request header.[]
nginx_connections_waitingGaugeIdle client connections.[]
nginx_connections_writingGaugeConnections where NGINX is writing the response back to the client.[]
nginx_http_requests_totalCounterTotal http requests.[]

Metrics for NGINX Plus

NameTypeDescriptionLabels
nginxplus_upGaugeShows the status of the last metric scrape: 1 for a successful scrape and 0 for a failed one[]

Connections

NameTypeDescriptionLabels
nginxplus_connections_acceptedCounterAccepted client connections[]
nginxplus_connections_activeGaugeActive client connections[]
nginxplus_connections_droppedCounterDropped client connections dropped[]
nginxplus_connections_idleGaugeIdle client connections[]

HTTP

NameTypeDescriptionLabels
nginxplus_http_requests_totalCounterTotal http requests[]
nginxplus_http_requests_currentGaugeCurrent http requests[]

SSL

NameTypeDescriptionLabels
nginxplus_ssl_handshakesCounterSuccessful SSL handshakes[]
nginxplus_ssl_handshakes_failedCounterFailed SSL handshakes[]
nginxplus_ssl_session_reusesCounterSession reuses during SSL handshake[]

HTTP Server Zones

NameTypeDescriptionLabels
nginxplus_server_zone_processingGaugeClient requests that are currently being processedserver_zone
nginxplus_server_zone_requestsCounterTotal client requestsserver_zone
nginxplus_server_zone_responsesCounterTotal responses sent to clientscode (the response status code. The values are: 1xx, 2xx, 3xx, 4xx and 5xx), server_zone
nginxplus_server_zone_responses_codesCounterTotal responses sent to clients by codecode (the response status code. The possible values are here), server_zone
nginxplus_server_zone_discardedCounterRequests completed without sending a responseserver_zone
nginxplus_server_zone_receivedCounterBytes received from clientsserver_zone
nginxplus_server_zone_sentCounterBytes sent to clientsserver_zone
nginxplus_server_ssl_handshakesCounterSuccessful SSL handshakesserver_zone
nginxplus_server_ssl_handshakes_failedCounterFailed SSL handshakesserver_zone
nginxplus_server_ssl_session_reusesCounterSession reuses during SSL handshakeserver_zone

Stream Server Zones

NameTypeDescriptionLabels
nginxplus_stream_server_zone_processingGaugeClient connections that are currently being processedserver_zone
nginxplus_stream_server_zone_connectionsCounterTotal connectionsserver_zone
nginxplus_stream_server_zone_sessionsCounterTotal sessions completedcode (the response status code. The values are: 2xx, 4xx, and 5xx), server_zone
nginxplus_stream_server_zone_discardedCounterConnections completed without creating a sessionserver_zone
nginxplus_stream_server_zone_receivedCounterBytes received from clientsserver_zone
nginxplus_stream_server_zone_sentCounterBytes sent to clientsserver_zone
nginxplus_stream_server_ssl_handshakesCounterSuccessful SSL handshakesserver_zone
nginxplus_stream_server_ssl_handshakes_failedCounterFailed SSL handshakesserver_zone
nginxplus_stream_server_ssl_session_reusesCounterSession reuses during SSL handshakeserver_zone

HTTP Upstreams

Note: for the state metric, the string values are converted to float64 using the following rule: "up" -> 1.0, "draining" -> 2.0, "down" -> 3.0, "unavail" –> 4.0, "checking" –> 5.0, "unhealthy" -> 6.0.

NameTypeDescriptionLabels
nginxplus_upstream_server_stateGaugeCurrent stateserver, upstream
nginxplus_upstream_server_activeGaugeActive connectionsserver, upstream
nginxplus_upstream_server_limitGaugeLimit for connections which corresponds to the max_conns parameter of the upstream server. Zero value means there is no limitserver, upstream
nginxplus_upstream_server_requestsCounterTotal client requestsserver, upstream
nginxplus_upstream_server_responsesCounterTotal responses sent to clientscode (the response status code. The values are: 1xx, 2xx, 3xx, 4xx and 5xx), server, upstream
nginxplus_upstream_server_responses_codesCounterTotal responses sent to clients by codecode (the response status code. The possible values are here), server, upstream
nginxplus_upstream_server_sent`CounterBytes sent to this serverserver, upstream
nginxplus_upstream_server_receivedCounterBytes received to this serverserver, upstream
nginxplus_upstream_server_failsCounterNumber of unsuccessful attempts to communicate with the serverserver, upstream
nginxplus_upstream_server_unavailCounterHow many times the server became unavailable for client requests (state 'unavail') due to the number of unsuccessful attempts reaching the max_fails thresholdserver, upstream
nginxplus_upstream_server_header_timeGaugeAverage time to get the response header from the serverserver, upstream
nginxplus_upstream_server_response_timeGaugeAverage time to get the full response from the serverserver, upstream
nginxplus_upstream_server_health_checks_checksCounterTotal health check requestsserver, upstream
nginxplus_upstream_server_health_checks_failsCounterFailed health checksserver, upstream
nginxplus_upstream_server_health_checks_unhealthyCounterHow many times the server became unhealthy (state 'unhealthy')server, upstream
nginxplus_upstream_server_ssl_handshakesCounterSuccessful SSL handshakesserver, upstream
nginxplus_upstream_server_ssl_handshakes_failedCounterFailed SSL handshakesserver, upstream
nginxplus_upstream_server_ssl_session_reusesCounterSession reuses during SSL handshakeserver, upstream
nginxplus_upstream_keepaliveGaugeIdle keepalive connectionsupstream
nginxplus_upstream_zombiesGaugeServers removed from the group but still processing active client requestsupstream

Stream Upstreams

Note: for the state metric, the string values are converted to float64 using the following rule: "up" -> 1.0, "down" -> 3.0, "unavail" –> 4.0, "checking" –> 5.0, "unhealthy" -> 6.0.

NameTypeDescriptionLabels
nginxplus_stream_upstream_server_stateGaugeCurrent stateserver, upstream
nginxplus_stream_upstream_server_activeGaugeActive connectionsserver , upstream
nginxplus_stream_upstream_server_limitGaugeLimit for connections which corresponds to the max_conns parameter of the upstream server. Zero value means there is no limitserver , upstream
nginxplus_stream_upstream_server_connectionsCounterTotal number of client connections forwarded to this serverserver, upstream
nginxplus_stream_upstream_server_connect_timeGaugeAverage time to connect to the upstream serverserver, upstream
nginxplus_stream_upstream_server_first_byte_timeGaugeAverage time to receive the first byte of dataserver, upstream
nginxplus_stream_upstream_server_response_timeGaugeAverage time to receive the last byte of dataserver, upstream
nginxplus_stream_upstream_server_sentCounterBytes sent to this serverserver, upstream
nginxplus_stream_upstream_server_receivedCounterBytes received from this serverserver, upstream
nginxplus_stream_upstream_server_failsCounterNumber of unsuccessful attempts to communicate with the serverserver, upstream
nginxplus_stream_upstream_server_unavailCounterHow many times the server became unavailable for client connections (state 'unavail') due to the number of unsuccessful attempts reaching the max_fails thresholdserver, upstream
nginxplus_stream_upstream_server_health_checks_checksCounterTotal health check requestsserver, upstream
nginxplus_stream_upstream_server_health_checks_failsCounterFailed health checksserver, upstream
nginxplus_stream_upstream_server_health_checks_unhealthyCounterHow many times the server became unhealthy (state 'unhealthy')server, upstream
nginxplus_stream_upstream_server_ssl_handshakesCounterSuccessful SSL handshakesserver, upstream
nginxplus_stream_upstream_server_ssl_handshakes_failedCounterFailed SSL handshakesserver, upstream
nginxplus_stream_upstream_server_ssl_session_reusesCounterSession reuses during SSL handshakeserver, upstream
nginxplus_stream_upstream_zombiesGaugeServers removed from the group but still processing active client connectionsupstream

Stream Zone Sync

NameTypeDescriptionLabels
nginxplus_stream_zone_sync_zone_records_pendingGaugeThe number of records that need to be sent to the clusterzone
nginxplus_stream_zone_sync_zone_records_totalGaugeThe total number of records stored in the shared memory zonezone
nginxplus_stream_zone_sync_zone_bytes_inCounterBytes received by this node[]
nginxplus_stream_zone_sync_zone_bytes_outCounterBytes sent by this node[]
nginxplus_stream_zone_sync_zone_msgs_inCounterTotal messages received by this node[]
nginxplus_stream_zone_sync_zone_msgs_outCounterTotal messages sent by this node[]
nginxplus_stream_zone_sync_zone_nodes_onlineGaugeNumber of peers this node is connected to[]

Location Zones

NameTypeDescriptionLabels
nginxplus_location_zone_requestsCounterTotal client requestslocation_zone
nginxplus_location_zone_responsesCounterTotal responses sent to clientscode (the response status code. The values are: 1xx, 2xx, 3xx, 4xx and 5xx), location_zone
nginxplus_location_zone_responses_codesCounterTotal responses sent to clients by codecode (the response status code. The possible values are here), location_zone
nginxplus_location_zone_discardedCounterRequests completed without sending a responselocation_zone
nginxplus_location_zone_receivedCounterBytes received from clientslocation_zone
nginxplus_location_zone_sentCounterBytes sent to clientslocation_zone

Resolver

NameTypeDescriptionLabels
nginxplus_resolver_nameCounterTotal requests to resolve names to addressesresolver
nginxplus_resolver_srvCounterTotal requests to resolve SRV recordsresolver
nginxplus_resolver_addrCounterTotal requests to resolve addresses to namesresolver
nginxplus_resolver_noerrorCounterTotal number of successful responsesresolver
nginxplus_resolver_formerrCounterTotal number of FORMERR responsesresolver
nginxplus_resolver_servfailCounterTotal number of SERVFAIL responsesresolver
nginxplus_resolver_nxdomainCounterTotal number of NXDOMAIN responsesresolver
nginxplus_resolver_notimpCounterTotal number of NOTIMP responsesresolver
nginxplus_resolver_refusedCounterTotal number of REFUSED responsesresolver
nginxplus_resolver_timedoutCounterTotal number of timed out requestresolver
nginxplus_resolver_unknownCounterTotal requests completed with an unknown errorresolver

HTTP Requests Rate Limiting

NameTypeDescriptionLabels
nginxplus_limit_request_passedCounterTotal number of requests that were neither limited nor accounted as limitedzone
nginxplus_limit_request_rejectedCounterTotal number of requests that were rejectedzone
nginxplus_limit_request_delayedCounterTotal number of requests that were delayedzone
nginxplus_limit_request_rejected_dry_runCounterTotal number of requests accounted as rejected in the dry run modezone
nginxplus_limit_request_delayed_dry_runCounterTotal number of requests accounted as delayed in the dry run modezone

HTTP Connections Limiting

NameTypeDescriptionLabels
nginxplus_limit_connection_passedCounterTotal number of connections that were neither limited nor accounted as limitedzone
nginxplus_limit_connection_rejectedCounterTotal number of connections that were rejectedzone
nginxplus_limit_connection_rejected_dry_runCounterTotal number of connections accounted as rejected in the dry run modezone

Stream Connections Limiting

NameTypeDescriptionLabels
nginxplus_stream_limit_connection_passedCounterTotal number of connections that were neither limited nor accounted as limitedzone
nginxplus_stream_limit_connection_rejectedCounterTotal number of connections that were rejectedzone
nginxplus_stream_limit_connection_rejected_dry_runCounterTotal number of connections accounted as rejected in the dry run modezone

Cache

NameTypeDescriptionLabels
nginxplus_cache_sizeGaugeTotal size of the cachecache
nginxplus_cache_max_sizeGaugeMaximum size of the cachecache
nginxplus_cache_coldGaugeIs the cache considered coldcache
nginxplus_cache_hit_responsesCounterTotal number of cache hitscache
nginxplus_cache_hit_bytesCounterTotal number of bytes returned from cache hitscache
nginxplus_cache_stale_responsesCounterTotal number of stale cache hitscache
nginxplus_cache_stale_bytesCounterTotal number of bytes returned from stale cache hitscache
nginxplus_cache_updating_responsesCounterTotal number of cache hits while cache is updatingcache
nginxplus_cache_updating_bytesCounterTotal number of bytes returned from cache while cache is updatingcache
nginxplus_cache_revalidated_responsesCounterTotal number of cache revalidationscache
nginxplus_cache_revalidated_bytesCounterTotal number of bytes returned from cache revalidationscache
nginxplus_cache_miss_responsesCounterTotal number of cache missescache
nginxplus_cache_miss_bytesCounterTotal number of bytes returned from cache missescache
nginxplus_cache_expired_responsesCounterTotal number of cache hits with expired TTLcache
nginxplus_cache_expired_bytesCounterTotal number of bytes returned from cache hits with expired TTLcache
nginxplus_cache_expired_responses_writtenCounterTotal number of cache hits with expired TTL written to cachecache
nginxplus_cache_expired_bytes_writtenCounterTotal number of bytes written to cache from cache hits with expired TTLcache
nginxplus_cache_bypass_responsesCounterTotal number of cache bypassescache
nginxplus_cache_bypass_bytesCounterTotal number of bytes returned from cache bypassescache
nginxplus_cache_bypass_responses_writtenCounterTotal number of cache bypasses written to cachecache
nginxplus_cache_bypass_bytes_writtenCounterTotal number of bytes written to cache from cache bypassescache

Worker

NameTypeDescriptionLabels
nginxplus_worker_connection_acceptedCounterThe total number of accepted client connectionsid, pid
nginxplus_worker_connection_droppedCounterThe total number of dropped client connectionsid, pid
nginxplus_worker_connection_activeGaugeThe current number of active client connectionsid, pid
nginxplus_worker_connection_idleGaugeThe current number of idle client connectionid, pid
nginxplus_worker_http_requests_totalCounterThe total number of client requests receivedid, pid
nginxplus_worker_http_requests_currentGaugeThe current number of client requests that are currently being processedid, pid

Connect to the /metrics page of the running exporter to see the complete list of metrics along with their descriptions. Note: to see server zones related metrics you must configure status zones and to see upstream related metrics you must configure upstreams with a shared memory zone.

Troubleshooting

The exporter logs errors to the standard output. When using Docker, if the exporter doesn’t work as expected, check its logs using docker logs command.

Releases

Docker images

We publish the Docker image on DockerHub, GitHub Container, Amazon ECR Public Gallery and Quay.io.

As an alternative, you can choose the edge version built from the latest commit from the main branch. The edge version is useful for experimenting with new features that are not yet published in a stable release.

Binaries

We publish the binaries for multiple Operating Systems and architectures on the GitHub releases page.

Homebrew

You can add the NGINX homebrew tap with

brew tap nginxinc/tap

and then install the formula with

brew install nginx-prometheus-exporter

Snap

You can install the NGINX Prometheus Exporter from the Snap Store.

snap install nginx-prometheus-exporter

Scoop

You can add the NGINX Scoop bucket with

scoop bucket add nginx https://github.com/nginxinc/scoop-bucket.git

and then install the package with

scoop install nginx-prometheus-exporter

Nix

First include NUR in your packageOverrides as explained in the NUR documentation.

Then you can use the exporter with the following command:

nix-shell --packages nur.repos.nginx.nginx-prometheus-exporter

or install it with:

nix-env -f '<nixpkgs>' -iA nur.repos.nginx.nginx-prometheus-exporter

Building the Exporter

You can build the exporter using the provided Makefile. Before building the exporter, make sure the following software is installed on your machine:

Building the Docker Image

To build the Docker image with the exporter, run:

make container

Note: go is not required, as the exporter binary is built in a Docker container. See the Dockerfile.

Building the Binary

To build the binary, run:

make

Note: the binary is built for the OS/arch of your machine. To build binaries for other platforms, see the Makefile.

The binary is built with the name nginx-prometheus-exporter.

Grafana Dashboard

The official Grafana dashboard is provided with the exporter for NGINX. Check the Grafana Dashboard documentation for more information.

SBOM (Software Bill of Materials)

We generate SBOMs for the binaries and the Docker image.

Binaries

The SBOMs for the binaries are available in the releases page. The SBOMs are generated using syft and are available in SPDX format.

Docker Image

The SBOM for the Docker image is available in the DockerHub, GitHub Container registry, Amazon ECR Public Gallery and Quay.io repositories. The SBOMs are generated using syft and stored as an attestation in the image manifest.

For example to retrieve the SBOM for linux/amd64 from Docker Hub and analyze it using grype you can run the following command:

docker buildx imagetools inspect nginx/nginx-prometheus-exporter:edge --format '{{ json (index .SBOM "linux/amd64").SPDX }}' | grype

Provenance

We generate provenance for the Docker image and it's available in the DockerHub, GitHub Container registry, Amazon ECR Public Gallery and Quay.io repositories, stored as an attestation in the image manifest.

For example to retrieve the provenance for linux/amd64 from Docker Hub you can run the following command:

docker buildx imagetools inspect nginx/nginx-prometheus-exporter:edge --format '{{ json (index .Provenance "linux/amd64").SLSA }}'

Contacts

We’d like to hear your feedback! If you have any suggestions or experience issues with the NGINX Prometheus Exporter, please create an issue or send a pull request on GitHub. You can contact us directly via integrations@nginx.com or on the NGINX Community Slack in the #nginx-prometheus-exporter channel.

Contributing

If you'd like to contribute to the project, please read our Contributing guide.

Support

The commercial support is available for NGINX Plus customers when the NGINX Prometheus Exporter is used with NGINX Ingress Controller.

License

Apache License, Version 2.0.