Bug description
Hi,
I am opening this bug as a sibling of the very same bug I opened for node-exporter (prometheus/node_exporter#3496).
As also stated there, I'm trying to run a Postgres Exporter server with TLS using prometheuscommunity/postgres-exporter:latest.
postgres-exporter works just fine with TLS passing the necessary configuration through the --web.config.file option. The problem is instead setting the healthcheck command, where I use wget.
Unfortunately the image uses a Busybox version (busybox:1.36.1) which is well-known to have a faulty wget, which doesn't implement TLS verification correctly (see docker-library/busybox#162).
The result is that the healthcheck command:
# postgres_exporter runs on port 2110
wget -q --spider --no-check-certificate https://localhost:2110/metrics
fails with the message:
wget: TLS error from peer (alert code 40): handshake failure
wget: error getting response: Connection reset by peer
This error has been solved with busybox:1.37. So, I would encourage updating quay.io/prometheus/busybox-${OS}-${ARCH}:latest to use this version and providing a newer prometheuscommunity/postgres-exporter:latest image.
What did you do?
Tried to run Postgres Exporter with TLS and set a valid healthcheck command.
What did you expect to see?
The healthcheck run with wget -q --spider --no-check-certificate https://localhost:9116/metrics to succeed.
What did you see instead? Under which circumstances?
The healthcheck command fails:
wget: TLS error from peer (alert code 40): handshake failure
wget: error getting response: Connection reset by peer
Environment
uname -srm
Linux 5.14.0-611.7.1.el9_7.x86_64 x86_64
- postgres_exporter version:
/ # postgres_exporter --version
postgres_exporter, version 0.18.1 (branch: HEAD, revision: 320b684f3dcd3f09b6e694e43f9b389b1a8199e5)
build user: root@83cf77f7d3ab
build date: 20250929-17:16:35
go version: go1.24.7
platform: linux/amd64
tags: unknown
--web.listen-address=:2110,
--config.file=/var/config/postgres_exporter.yaml
--web.config.file=/var/config/web-config.yaml
2025/12/02 11:00:37 http: TLS handshake error from 127.0.0.1:41508: tls: invalid ClientKeyExchange message
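Added example, not part of the original report or of the project's code: a POSIX shell check that reads a BusyBox banner and reports whether the build predates 1.37, the release the report names as fixing the wget TLS handshake failure. The function names, the `FIXED_IN` variable and the sample banner lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag BusyBox builds older than the release the report says
# fixed the wget TLS handshake failure (busybox:1.37).
FIXED_IN="1.37.0"   # assumption: taken from the report's "busybox:1.37"

# Extract the dotted version from a banner such as
# "BusyBox v1.36.1 (2023-05-18 22:34:17 UTC) multi-call binary."
busybox_version() {
    printf '%s\n' "$1" | sed -n 's/^BusyBox v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed (exit 0) only if version $1 is strictly older than version $2.
# Missing components count as 0, so "1.37" equals "1.37.0".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Print "affected", "ok" or "unknown" for a banner line.
wget_tls_status() {
    v=$(busybox_version "$1")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_lt "$v" "$FIXED_IN"; then
        echo "affected"
    else
        echo "ok"
    fi
}

# Constructed sample banners (dates are made up). Inside a container the
# banner would come from: busybox 2>&1 | head -n 1
for banner in \
    "BusyBox v1.36.1 (2023-05-18 22:34:17 UTC) multi-call binary." \
    "BusyBox v1.37.0 (2024-09-26 21:31:42 UTC) multi-call binary." \
    "GNU Wget 1.21.4 built on linux-gnu."
do
    printf '%s -> %s\n' "$banner" "$(wget_tls_status "$banner")"
done
```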