zcashd can now be configured to optionally expose an HTTP server that acts as a Prometheus scrape endpoint. The server will respond to
GET requests on any request path.
To enable the endpoint, add
-prometheusport=<port> to your
zcashd configuration (either in
zcash.conf or on the command line). After restarting
zcashd you can then test the endpoint by querying it with e.g.
The feature includes IP-level access control rules, the default being to allow connections only from localhost. Users of this feature should be aware of the threat from DNS rebinding attacks and not rely on these access control rules for security. The allowed IPs can be expanded with
-metricsallowip=<ip>, which can specify IPs or subnets.
Note that HTTPS is not supported, and therefore connections to the endpoint are not encrypted or authenticated. Access to the endpoint, including through DNS rebinding attacks, should be assumed to compromise the privacy of node operations, by the provided metrics and/or by timing side channels and so for now: You should NOT use this feature while private keys are loaded in zcashd.
The specific metrics names may change in subsequent releases, in particular to improve interoperability with