diff --git a/configs/otelcol-contrib.yaml b/configs/otelcol-contrib.yaml index 95f59b5f..824d9707 100644 --- a/configs/otelcol-contrib.yaml +++ b/configs/otelcol-contrib.yaml @@ -1,3 +1,6 @@ +# To limit exposure to denial of service attacks, change the host in endpoints below from 0.0.0.0 to a specific network interface. +# See https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks + extensions: health_check: pprof: @@ -9,9 +12,12 @@ receivers: otlp: protocols: grpc: + endpoint: 0.0.0.0:4317 http: + endpoint: 0.0.0.0:4318 opencensus: + endpoint: 0.0.0.0:55678 # Collect own metrics prometheus: @@ -25,11 +31,16 @@ receivers: jaeger: protocols: grpc: + endpoint: 0.0.0.0:14250 thrift_binary: + endpoint: 0.0.0.0:6832 thrift_compact: + endpoint: 0.0.0.0:6831 thrift_http: + endpoint: 0.0.0.0:14268 zipkin: + endpoint: 0.0.0.0:9411 processors: batch: diff --git a/configs/otelcol.yaml b/configs/otelcol.yaml index 95f59b5f..824d9707 100644 --- a/configs/otelcol.yaml +++ b/configs/otelcol.yaml @@ -1,3 +1,6 @@ +# To limit exposure to denial of service attacks, change the host in endpoints below from 0.0.0.0 to a specific network interface. +# See https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks + extensions: health_check: pprof: @@ -9,9 +12,12 @@ receivers: otlp: protocols: grpc: + endpoint: 0.0.0.0:4317 http: + endpoint: 0.0.0.0:4318 opencensus: + endpoint: 0.0.0.0:55678 # Collect own metrics prometheus: @@ -25,11 +31,16 @@ receivers: jaeger: protocols: grpc: + endpoint: 0.0.0.0:14250 thrift_binary: + endpoint: 0.0.0.0:6832 thrift_compact: + endpoint: 0.0.0.0:6831 thrift_http: + endpoint: 0.0.0.0:14268 zipkin: + endpoint: 0.0.0.0:9411 processors: batch: