diff options
Diffstat (limited to 'docs/cloud/alerts-notifications')
7 files changed, 0 insertions, 505 deletions
diff --git a/docs/cloud/alerts-notifications/add-discord-notification.md b/docs/cloud/alerts-notifications/add-discord-notification.md deleted file mode 100644 index 3edf5002b..000000000 --- a/docs/cloud/alerts-notifications/add-discord-notification.md +++ /dev/null @@ -1,44 +0,0 @@ -# Add Discord notification configuration - -From the Netdata Cloud UI, you can manage your space's notification settings and enable the configuration to deliver notifications on Discord. - -## Prerequisites - -To enable Discord notifications you need: - -- A Netdata Cloud account -- Access to the space as an **administrator** -- Have a Discord server able to receive webhook integrations. For more details check [how to configure this on Discord](#settings-on-discord) - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **Discord** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For Discord: - - Define the type channel you want to send notifications to: **Text channel** or **Forum channel** - - Webhook URL - URL provided on Discord for the channel you want to receive your notifications. For more details check [how to configure this on Discord](#settings-on-discord) - - Thread name - if the Discord channel is a **Forum channel** you will need to provide the thread name as well - -## Settings on Discord - -## Enable webhook integrations on Discord server - -To enable the webhook integrations on Discord you need: -1. Go to *Integrations** under your **Server Settings - - ![image](https://user-images.githubusercontent.com/82235632/214091719-89372894-d67f-4ec5-98d0-57c7d4256ebf.png) - -1. **Create Webhook** or **View Webhooks** if you already have some defined -1. When you create a new webhook you specify: Name and Channel -1. Once you have this configured you will need the Webhook URL to add your notification configuration on Netdata UI - - ![image](https://user-images.githubusercontent.com/82235632/214092713-d16389e3-080f-4e1c-b150-c0fccbf4570e.png) - -For more details please read this article from Discord: [Intro to Webhooks](https://support.discord.com/hc/en-us/articles/228383668). diff --git a/docs/cloud/alerts-notifications/add-mattermost-notification-configuration.md b/docs/cloud/alerts-notifications/add-mattermost-notification-configuration.md deleted file mode 100644 index 79bc98619..000000000 --- a/docs/cloud/alerts-notifications/add-mattermost-notification-configuration.md +++ /dev/null @@ -1,51 +0,0 @@ -# Add Mattermost notification configuration - -From the Cloud interface, you can manage your space's notification settings and from these you can add a specific configuration to get notifications delivered on Mattermost. - -## Prerequisites - -To add Mattermost notification configurations you need: - -- A Netdata Cloud account -- Access to the space as an **administrator** -- Space needs to be on **Business** plan or higher -- Have a Mattermost app on your workspace to receive the webhooks, for more details check [how to configure this on Mattermost](#settings-on-mattermost) - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **Mattermost** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For Mattermost: - - Webhook URL - URL provided on Mattermost for the channel you want to receive your notifications. For more details check [how to configure this on Mattermost](#settings-on-mattermost) - -## Settings on Mattermost - -To enable the webhook integrations on Mattermost you need: -1. In Mattermost, go to Product menu > Integrations > Incoming Webhook. - -![image](https://user-images.githubusercontent.com/26550862/243394526-6d45f6c2-c3cc-4d5f-a9cb-85d8170fc8ac.png) - - - If you don’t have the Integrations option, incoming webhooks may not be enabled on your Mattermost server or may be disabled for non-admins. They can be enabled by a System Admin from System Console > Integrations > Integration Management. Once incoming webhooks are enabled, continue with the steps below - -![image](https://user-images.githubusercontent.com/26550862/243394734-f911ccf7-bb18-41b2-ab52-31195861dd1b.png) - -2. Select Add Incoming Webhook and add a name and description for the webhook. The description can be up to 500 characters - -3. Select the channel to receive webhook payloads, then select Add to create the webhook - -![image](https://user-images.githubusercontent.com/26550862/243394626-363b7cbc-3550-47ef-b2f3-ce929919145f.png) - -4. You will end up with a webhook endpoint that looks like so: -``` -https://your-mattermost-server.com/hooks/xxx-generatedkey-xxx -``` - - Treat this endpoint as a secret. Anyone who has it will be able to post messages to your Mattermost instance. - -For more details please check Mattermost's article [Incoming webhooks for Mattermost](https://developers.mattermost.com/integrate/webhooks/incoming/). diff --git a/docs/cloud/alerts-notifications/add-opsgenie-notification-configuration.md b/docs/cloud/alerts-notifications/add-opsgenie-notification-configuration.md deleted file mode 100644 index 0a80311ef..000000000 --- a/docs/cloud/alerts-notifications/add-opsgenie-notification-configuration.md +++ /dev/null @@ -1,37 +0,0 @@ -# Add Opsgenie notification configuration - -From the Cloud interface, you can manage your space's notification settings and from these you can add a specific configuration to get notifications delivered on Opsgenie. - -## Prerequisites - -To add Opsgenie notification configurations you need: - -- A Netdata Cloud account -- Access to the space as an **administrator** -- Space on **Business** plan or higher -- Have a permission to add new integrations in Opsgenie. - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **Opsgenie** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For Opsgenie: - - API Key - a key provided on Opsgenie for the channel you want to receive your notifications. For more details check [how to configure this on Opsgenie](#settings-on-opsgenie) - -## Settings on Opsgenie - -To enable the Netdata integration on Opsgenie you need: -1. Go to integrations tab of your team, click **Add integration**. - - ![image](https://user-images.githubusercontent.com/93676586/230361479-cb73919c-452d-47ec-8066-ed99be5f05e2.png) - -1. Pick **API** from available integrations. Copy your API Key and press **Save Integration**. - -1. Paste copied API key into the corresponding field in **Integration configuration** section of Opsgenie modal window in Netdata. diff --git a/docs/cloud/alerts-notifications/add-pagerduty-notification-configuration.md b/docs/cloud/alerts-notifications/add-pagerduty-notification-configuration.md deleted file mode 100644 index eec4f94c1..000000000 --- a/docs/cloud/alerts-notifications/add-pagerduty-notification-configuration.md +++ /dev/null @@ -1,43 +0,0 @@ -# Add PagerDuty notification configuration - -From the Cloud interface, you can manage your space's notification settings and from these you can add a specific configuration to get notifications delivered on PagerDuty. - -## Prerequisites - -To add PagerDuty notification configurations you need: - -- A Cloud account -- Access to the space as and **administrator** -- Space needs to be on **Business** plan or higher -- Have a PagerDuty service to receive events, for more details check [how to configure this on PagerDuty](#settings-on-pagerduty) - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **PagerDuty** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For PagerDuty: - - Integration Key - is a 32 character key provided by PagerDuty to receive events on your service. For more details check [how to configure this on PagerDuty](#settings-on-pagerduty) - -## Settings on PagerDuty - -## Enable webhook integrations on PagerDuty - -To enable the webhook integrations on PagerDuty you need: -1. Create a service to receive events from your services directory page: - - ![image](https://user-images.githubusercontent.com/2930882/214254148-03714f31-7943-4444-9b63-7b83c9daa025.png) - -1. At step 3, select `Events API V2` Integration:or **View Webhooks** if you already have some defined - - ![image](https://user-images.githubusercontent.com/2930882/214254466-423cf493-037d-47bd-b9e6-fc894897f333.png) - -1. Once the service is created you will be redirected to its configuration page, where you can copy the **integration key**, that you will need need to add to your notification configuration on Netdata UI: - - ![image](https://user-images.githubusercontent.com/2930882/214255916-0d2e53d5-87cc-408a-9f5b-0308a3262d5c.png) diff --git a/docs/cloud/alerts-notifications/add-rocketchat-notification-configuration.md b/docs/cloud/alerts-notifications/add-rocketchat-notification-configuration.md deleted file mode 100644 index 6a81ad1d7..000000000 --- a/docs/cloud/alerts-notifications/add-rocketchat-notification-configuration.md +++ /dev/null @@ -1,49 +0,0 @@ -# Add RocketChat notification configuration - -From the Cloud interface, you can manage your space's notification settings and from these you can add a specific configuration to get notifications delivered on RocketChat. - -## Prerequisites - -To add RocketChat notification configurations you need: - -- A Netdata Cloud account -- Access to the space as an **administrator** -- Space needs to be on **Business** plan or higher -- Have a RocketChat app on your workspace to receive the webhooks, for more details check [how to configure this on RocketChat](#settings-on-rocketchat) - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **RocketChat** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For RocketChat: - - Webhook URL - URL provided on RocketChat for the channel you want to receive your notifications. For more details check [how to configure this on RocketChat](#settings-on-rocketchat) - -## Settings on RocketChat - -To enable the webhook integrations on RocketChat you need: -1. In RocketChat, Navigate to Administration > Workspace > Integrations. - -2. Click +New at the top right corner. - -![image](https://user-images.githubusercontent.com/26550862/246235250-84f45b35-03f3-4ab4-96ac-6ab4d1c662b5.png) - -3. For more details about each parameter, check [create-a-new-incoming-webhook](https://docs.rocket.chat/use-rocket.chat/workspace-administration/integrations#create-a-new-incoming-webhook). - -4. After configuring integration, click Save. - -![image](https://user-images.githubusercontent.com/26550862/246235321-25ed9a7b-92ac-4956-9d76-e83ffc51b5c1.png) - -4. You will end up with a webhook endpoint that looks like so: -``` -https://your-server.rocket.chat/hooks/YYYYYYYYYYYYYYYYYYYYYYYY/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -``` - - Treat this endpoint as a secret. Anyone who has it will be able to post messages to your RocketChat instance. - -For more details please check RocketChat's article [Incoming webhooks for RocketChat](https://docs.rocket.chat/use-rocket.chat/workspace-administration/integrations/). diff --git a/docs/cloud/alerts-notifications/add-slack-notification-configuration.md b/docs/cloud/alerts-notifications/add-slack-notification-configuration.md deleted file mode 100644 index ed845b4d3..000000000 --- a/docs/cloud/alerts-notifications/add-slack-notification-configuration.md +++ /dev/null @@ -1,47 +0,0 @@ -# Add Slack notification configuration - -From the Cloud interface, you can manage your space's notification settings and from these you can add a specific configuration to get notifications delivered on Slack. - -## Prerequisites - -To add slack notification configurations you need: - -- A Netdata Cloud account -- Access to the space as an **administrator** -- Space needs to be on **Business** plan or higher -- Have a Slack app on your workspace to receive the webhooks, for more details check [how to configure this on Slack](#settings-on-slack) - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **Slack** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For Slack: - - Webhook URL - URL provided on Slack for the channel you want to receive your notifications. For more details check [how to configure this on Slack](#settings-on-slack) - -## Settings on Slack - -To enable the webhook integrations on Slack you need: -1. Create an app to receive webhook integrations. Check [Create an app](https://api.slack.com/apps?new_app=1) from Slack documentation for further details -1. Install the app on your workspace -1. Configure Webhook URLs for your workspace - - On your app go to **Incoming Webhooks** and click on **activate incoming webhooks** - - ![image](https://user-images.githubusercontent.com/2930882/214251948-486229bb-195b-499b-92e4-4be59a567a19.png) - - - At the bottom of **Webhook URLs for Your Workspace** section you have **Add New Webhook to Workspace** - - After pressing that specify the channel where you want your notifications to be delivered - - ![image](https://user-images.githubusercontent.com/82235632/214103532-95f9928d-d4d6-4172-9c24-a4ddd330e96d.png) - - - Once completed copy the Webhook URL that you will need to add to your notification configuration on Netdata UI - - ![image](https://user-images.githubusercontent.com/82235632/214104412-13aaeced-1b40-4894-85f6-9db0eb35c584.png) - -For more details please check Slacks's article [Incoming webhooks for Slack](https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack). diff --git a/docs/cloud/alerts-notifications/add-webhook-notification-configuration.md b/docs/cloud/alerts-notifications/add-webhook-notification-configuration.md deleted file mode 100644 index 4fb518f63..000000000 --- a/docs/cloud/alerts-notifications/add-webhook-notification-configuration.md +++ /dev/null @@ -1,234 +0,0 @@ -# Add webhook notification configuration - -From the Cloud interface, you can manage your space's notification settings and from these you can add a specific configuration to get notifications delivered on a webhook using a predefined schema. - -## Prerequisites - -To add webhook notification configurations you need: - -- A Netdata Cloud account -- Access to the space as an **administrator** -- Space needs to be on **Pro** plan or higher -- Have an app that allows you to receive webhooks following a predefined schema, for more details check [how to create the webhook service](#webhook-service) - -## Steps - -1. Click on the **Space settings** cog (located above your profile icon) -1. Click on the **Notification** tab -1. Click on the **+ Add configuration** button (near the top-right corner of your screen) -1. On the **webhook** card click on **+ Add** -1. A modal will be presented to you to enter the required details to enable the configuration: - 1. **Notification settings** are Netdata specific settings - - Configuration name - you can optionally provide a name for your configuration you can easily refer to it - - Rooms - by specifying a list of Rooms you are select to which nodes or areas of your infrastructure you want to be notified using this configuration - - Notification - you specify which notifications you want to be notified using this configuration: All Alerts and unreachable, All Alerts, Critical only - 1. **Integration configuration** are the specific notification integration required settings, which vary by notification method. For webhook: - - Webhook URL - webhook URL is the url of the service that Netdata will send notifications to. In order to keep the communication secured, we only accept HTTPS urls. Check [how to create the webhook service](#webhook-service). - - Extra headers - these are optional key-value pairs that you can set to be included in the HTTP requests sent to the webhook URL. For more details check [Extra headers](#extra-headers) - - Authentication Mechanism - Netdata webhook integration supports 3 different authentication mechanisms. For more details check [Authentication mechanisms](#authentication-mechanisms): - - Mutual TLS (recommended) - default authentication mechanism used if no other method is selected. - - Basic - the client sends a request with an Authorization header that includes a base64-encoded string in the format **username:password**. These will settings will be required inputs. - - Bearer - the client sends a request with an Authorization header that includes a **bearer token**. This setting will be a required input. - -## Webhook service - -A webhook integration allows your application to receive real-time alerts from Netdata by sending HTTP requests to a specified URL. In this document, we'll go over the steps to set up a generic webhook integration, including adding headers, and implementing different types of authorization mechanisms. - -### Netdata webhook integration - -A webhook integration is a way for one service to notify another service about events that occur within it. This is done by sending an HTTP POST request to a specified URL (known as the "webhook URL") when an event occurs. - -Netdata webhook integration service will send alert notifications to the destination service as soon as they are detected. - -The notification content sent to the destination service will be a JSON object having these properties: - -| field | type | description | -|:----------------------------------|:------------------------------|:--------------------------------------------------------------------------| -| message | string | A summary message of the alert. | -| alarm | string | The alert the notification is about. | -| info | string | Additional info related with the alert. | -| chart | string | The chart associated with the alert. | -| context | string | The chart context. | -| space | string | The space where the node that raised the alert is assigned. | -| rooms | object[object(string,string)] | Object with list of rooms names and urls where the node belongs to. | -| family | string | Context family. | -| class | string | Classification of the alert, e.g. "Error". | -| severity | string | Alert severity, can be one of "warning", "critical" or "clear". | -| date | string | Date of the alert in ISO8601 format. | -| duration | string | Duration the alert has been raised. | -| additional_active_critical_alerts | integer | Number of additional critical alerts currently existing on the same node. | -| additional_active_warning_alerts | integer | Number of additional warning alerts currently existing on the same node. | -| alarm_url | string | Netdata Cloud URL for this alert. | - -### Extra headers - -When setting up a webhook integration, the user can specify a set of headers to be included in the HTTP requests sent to the webhook URL. - -By default, the following headers will be sent in the HTTP request - -| **Header** | **Value** | -|:------------:|------------------| -| Content-Type | application/json | - -### Authentication mechanisms - -Netdata webhook integration supports 3 different authentication mechanisms: - -#### Mutual TLS authentication (recommended) - -In mutual Transport Layer Security (mTLS) authentication, the client and the server authenticate each other using X.509 certificates. This ensures that the client is connecting to the intended server, and that the server is only accepting connections from authorized clients. - -This is the default authentication mechanism used if no other method is selected. - -To take advantage of mutual TLS, you can configure your server to verify Netdata's client certificate. In order to achieve this, the Netdata client sending the notification supports mutual TLS (mTLS) to identify itself with a client certificate that your server can validate. - -The steps to perform this validation are as follows: - -- Store Netdata CA certificate on a file in your disk. The content of this file should be: - -<details> - <summary>Netdata CA certificate</summary> - -``` ------BEGIN CERTIFICATE----- -MIIF0jCCA7qgAwIBAgIUDV0rS5jXsyNX33evHEQOwn9fPo0wDQYJKoZIhvcNAQEN -BQAwgYAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH -Ew1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1OZXRkYXRhLCBJbmMuMRIwEAYDVQQL -EwlDbG91ZCBTUkUxGDAWBgNVBAMTD05ldGRhdGEgUm9vdCBDQTAeFw0yMzAyMjIx -MjQzMDBaFw0zMzAyMTkxMjQzMDBaMIGAMQswCQYDVQQGEwJVUzETMBEGA1UECBMK -Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEWMBQGA1UEChMNTmV0 -ZGF0YSwgSW5jLjESMBAGA1UECxMJQ2xvdWQgU1JFMRgwFgYDVQQDEw9OZXRkYXRh -IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwIg7z3R++ -ppQYYVVoMIDlhWO3qVTMsAQoJYEvVa6fqaImUBLW/k19LUaXgUJPohB7gBp1pkjs -QfY5dBo8iFr7MDHtyiAFjcQV181sITTMBEJwp77R4slOXCvrreizhTt1gvf4S1zL -qeHBYWEgH0RLrOAqD0jkOHwewVouO0k3Wf2lEbCq3qRk2HeDvkv0LR7sFC+dDms8 -fDHqb/htqhk+FAJELGRqLeaFq1Z5Eq1/9dk4SIeHgK5pdYqsjpBzOTmocgriw6he -s7F3dOec1ZZdcBEAxOjbYt4e58JwuR81cWAVMmyot5JNCzYVL9e5Vc5n22qt2dmc -Tzw2rLOPt9pT5bzbmyhcDuNg2Qj/5DySAQ+VQysx91BJRXyUimqE7DwQyLhpQU72 -jw29lf2RHdCPNmk8J1TNropmpz/aI7rkperPugdOmxzP55i48ECbvDF4Wtazi+l+ -4kx7ieeLfEQgixy4lRUUkrgJlIDOGbw+d2Ag6LtOgwBiBYnDgYpvLucnx5cFupPY -Cy3VlJ4EKUeQQSsz5kVmvotk9MED4sLx1As8V4e5ViwI5dCsRfKny7BeJ6XNPLnw -PtMh1hbiqCcDmB1urCqXcMle4sRhKccReYOwkLjLLZ80A+MuJuIEAUUuEPCwywzU -R7pagYsmvNgmwIIuJtB6mIJBShC7TpJG+wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU9IbvOsPSUrpr8H2zSafYVQ9e -Ft8wDQYJKoZIhvcNAQENBQADggIBABQ08aI31VKZs8jzg+y/QM5cvzXlVhcpkZsY -1VVBr0roSBw9Pld9SERrEHto8PVXbadRxeEs4sKivJBKubWAooQ6NTvEB9MHuGnZ -VCU+N035Gq/mhBZgtIs/Zz33jTB2ju3G4Gm9VTZbVqd0OUxFs41Iqvi0HStC3/Io -rKi7crubmp5f2cNW1HrS++ScbTM+VaKVgQ2Tg5jOjou8wtA+204iYXlFpw9Q0qnP -qq6ix7TfLLeRVp6mauwPsAJUgHZluz7yuv3r7TBdukU4ZKUmfAGIPSebtB3EzXfH -7Y326xzv0hEpjvDHLy6+yFfTdBSrKPsMHgc9bsf88dnypNYL8TUiEHlcTgCGU8ts -ud8sWN2M5FEWbHPNYRVfH3xgY2iOYZzn0i+PVyGryOPuzkRHTxDLPIGEWE5susM4 -X4bnNJyKH1AMkBCErR34CLXtAe2ngJlV/V3D4I8CQFJdQkn9tuznohUU/j80xvPH -FOcDGQYmh4m2aIJtlNVP6+/92Siugb5y7HfslyRK94+bZBg2D86TcCJWaaZOFUrR -Y3WniYXsqM5/JI4OOzu7dpjtkJUYvwtg7Qb5jmm8Ilf5rQZJhuvsygzX6+WM079y -nsjoQAm6OwpTN5362vE9SYu1twz7KdzBlUkDhePEOgQkWfLHBJWwB+PvB1j/cUA3 -5zrbwvQf ------END CERTIFICATE----- -``` -</details> - -- Enable client certificate validation on the web server that is doing the TLS termination. Below we show you how to perform this configuration in `NGINX` and `Apache` - - **NGINX** - -```bash -server { - listen 443 ssl default_server; - - # ... existing SSL configuration for server authentication ... - ssl_verify_client on; - ssl_client_certificate /path/to/Netdata_CA.pem; - - location / { - if ($ssl_client_s_dn !~ "CN=app.netdata.cloud") { - return 403; - } - # ... existing location configuration ... - } -} -``` - -**Apache** - -```bash -Listen 443 -<VirtualHost *:443> - # ... existing SSL configuration for server authentication ... - SSLVerifyClient require - SSLCACertificateFile "/path/to/Netdata_CA.pem" -</VirtualHost> -<Directory /var/www/> - Require expr "%{SSL_CLIENT_S_DN_CN} == 'app.netdata.cloud'" - # ... existing directory configuration ... -</Directory> -``` - -#### Basic authentication - -In basic authorization, the client sends a request with an Authorization header that includes a base64-encoded string in the format username:password. The server then uses this information to authenticate the client. If this authentication method is selected, the user can set the user and password that will be used when connecting to the destination service. - -#### Bearer token authentication - -In bearer token authentication, the client sends a request with an Authorization header that includes a bearer token. The server then uses this token to authenticate the client. Bearer tokens are typically generated by an authentication service, and are passed to the client after a successful authentication. If this method is selected, the user can set the token to be used for connecting to the destination service. - -##### Challenge secret - -To validate that you has ownership of the web application that will receive the webhook events, we are using a challenge response check mechanism. - -This mechanism works as follows: - -- The challenge secret parameter that you provide is a shared secret between you and Netdata only. -- On your request for creating a new Webhook integration, we will make a GET request to the url of the webhook, adding a query parameter `crc_token`, consisting of a random string. -- You will receive this request on your application and it must construct an encrypted response, consisting of a base64-encoded HMAC SHA-256 hash created from the crc_token and the shared secret. The response will be in the format: - -```json -{ - "response_token": "sha256=9GKoHJYmcHIkhD+C182QWN79YBd+D+Vkj4snmZrfNi4=" -} -``` - -- We will compare your application's response with the hash that we will generate using the challenge secret, and if they are the same, the integration creation will succeed. - -We will do this validation everytime you update your integration configuration. - -- Response requirements: - - A base64 encoded HMAC SHA-256 hash created from the crc_token and the shared secret. - - Valid response_token and JSON format. - - Latency less than 5 seconds. - - 200 HTTP response code. - -**Example response token generation in Python:** - -Here you can see how to define a handler for a Flask application in python 3: - -```python -import base64 -import hashlib -import hmac -import json - -key ='YOUR_CHALLENGE_SECRET' - -@app.route('/webhooks/netdata') -def webhook_challenge(): - token = request.args.get('crc_token').encode('ascii') - - # creates HMAC SHA-256 hash from incomming token and your consumer secret - sha256_hash_digest = hmac.new(key.encode(), - msg=token, - digestmod=hashlib.sha256).digest() - - # construct response data with base64 encoded hash - response = { - 'response_token': 'sha256=' + base64.b64encode(sha256_hash_digest).decode('ascii') - } - - # returns properly formatted json response - return json.dumps(response) -``` - -#### Related topics - -- [Alerts Configuration](https://github.com/netdata/netdata/blob/master/health/README.md) -- [Alert Notifications](https://github.com/netdata/netdata/blob/master/docs/cloud/alerts-notifications/notifications.md) -- [Manage notification methods](https://github.com/netdata/netdata/blob/master/docs/cloud/alerts-notifications/manage-notification-methods.md) |