/metrics endpoint is not available when auth is enabled. #4571

Open
opened 2026-02-28 04:07:45 -05:00 by deekerman · 2 comments

Originally created by @keithellis74 on GitHub (Jan 2, 2026).

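📑 I have found these related issues/pull requests

Not found any related issues

🛡️ Security Policy

  • [x] I have read and agree to Uptime Kuma's Security Policy (https://github.com/louislam/uptime-kuma/security/policy).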

📝 Description

Uptime-kuma, version 2.02, Docker install.
When Auth is disabled in settings the endpoint /metrics works as expected.
When Auth is enabled, the /metrics endpoint does not accept the basic auth credentials and reports 401 Unauthorised.

I tried with API key and I get the same, 401 Unauthorised.

I've had prometheus pulling these metrics with no problems with basic auth for a year or more. But recently basic auth has been failing and I'm unable to pull the metrics now.

👟 Reproduction steps

Point browser to http://x.x.x.x/metrics. Basic auth request fails.

A curl request responds as follows:

```
kellis@DietPi:~/appdata/prometheus$ curl -v -u keithellis:Setting-Bulk-Cathedral3-Hurling http://192.168.54.30:3001/metrics
*   Trying 192.168.54.30:3001...
* Connected to 192.168.54.30 (192.168.54.30) port 3001
* using HTTP/1.x
* Server auth using Basic with user 'keithellis'
> GET /metrics HTTP/1.1
> Host: 192.168.54.30:3001
> Authorization: Basic a2VpdGhlbGxpczpTZXR0aW5nLUJ1bGstQ2F0aGVkcmFsMy1IdXJsaW5n
> User-Agent: curl/8.14.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< X-Frame-Options: SAMEORIGIN
* Basic authentication problem, ignoring.
< WWW-Authenticate: Basic
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
< Date: Sat, 03 Jan 2026 01:11:31 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
<
* Connection #0 to host 192.168.54.30 left intact
```

I know I've pasted a password in here, this is not a real password, I'm not using it.

👀 Expected behavior

Prometheus metrics provided.

😓 Actual Behavior

Auth error

🐻 Uptime-Kuma Version

2.0.2

💻 Operating System and Arch

Unraid 7.2.3 Docker Template. & DietPi Docker

🌐 Browser

Safari/Firefox

🖥️ Deployment Environment

  • Runtime Environment:
    • Docker: Version 27.5.1, build 9f9e405
    • Docker Compose: Version v2.40.3
  • Database:
    • SQLite: Embedded
  • Database Storage:
    • Filesystem:
      • Linux: ext4
      • Unraid 7.2.3
    • Storage Medium: HDD/
  • Uptime Kuma Setup:
    • Number of monitors: 50

📝 Relevant log output

```
2026-01-03T01:23:48Z [API-AUTH] WARN: Failed API auth attempt: invalid API Key
```

@CommanderStorm commented on GitHub (Jan 2, 2026):

We have not touched any code in this area in a long while. (I think this might be user error -> changed this to a `help` issue. If it is a confirmed bug I can always retag)

Can you reproduce this if you do a fresh `docker run ...`?

> You can also authenticate using an [API Key](https://github.com/louislam/uptime-kuma/wiki/API-Keys.md#authenticating-using-an-api-key) instead. As soon as you add your first API key, the use of basic authentication for the endpoint will be permanently disabled.

This is documented [here](https://github.com/louislam/uptime-kuma/wiki/Prometheus-Integration), not quite sure how well this is documented in the UI.

> I tried with API key and I get the same, 401 Unauthorised.

Not sure what is happening there
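
Added example, not part of the thread and not Uptime Kuma code: a probe that requests /metrics with no credentials, with the account username and password, and with an API key, then reports which mode the server appears to be in. It assumes the API key is sent as the Basic-auth password with an empty username, which is how Uptime Kuma's API-Keys wiki page describes it (the thread itself does not show the request format); the helper names and `KUMA_*` variables are hypothetical.

```bash
#!/bin/sh
# Added diagnostic sketch, not Uptime Kuma code. Helper and variable names are hypothetical.

# http_code URL [USER:PASS] -> prints the HTTP status (000 if the connection fails).
# Credentials go to curl on stdin (-K -) so they do not appear in the process list.
http_code() {
    if [ -n "${2-}" ]; then
        printf 'user = "%s"\n' "$2" |
            curl -s -o /dev/null -w '%{http_code}' --max-time 5 -K - "$1" || true
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$1" || true
    fi
}

# diagnose NOAUTH USERPASS APIKEY -> one-line reading of the three status codes.
diagnose() {
    if [ "$1" = 200 ]; then
        echo "auth-disabled: /metrics answers without credentials"
    elif [ "$3" = 200 ]; then
        echo "api-key: scrape with an empty username and the key as password"
    elif [ "$2" = 200 ]; then
        echo "password: account credentials accepted, no API key in effect"
    elif [ "$1" = 401 ] && [ "$2" = 401 ] && [ "$3" = 401 ]; then
        echo "all-rejected: check the server log for [API-AUTH] warnings"
    else
        echo "inconclusive: got $1/$2/$3"
    fi
}

# probe_metrics BASE_URL USER PASS API_KEY -> runs the three requests and diagnoses.
probe_metrics() {
    diagnose "$(http_code "$1/metrics")" \
             "$(http_code "$1/metrics" "$2:$3")" \
             "$(http_code "$1/metrics" ":$4")"
}

# Runs only when the (assumed) environment variables are set, e.g.
#   KUMA_URL=http://host:3001 KUMA_USER=... KUMA_PASS=... KUMA_API_KEY=... sh probe.sh
if [ -n "${KUMA_URL-}" ]; then
    probe_metrics "$KUMA_URL" "${KUMA_USER-}" "${KUMA_PASS-}" "${KUMA_API_KEY-}"
fi
```

An `api-key` result means the Prometheus scrape job needs the key in its `basic_auth` password field rather than the account password.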


@keithellis74 commented on GitHub (Jan 3, 2026):

Yes, I rolled back to a 1.xx revision and it still was not working. I get the same issue on a fresh install at another location. I’ll try a docker run install also and post back.
Regards, Keith Ellis
