Set a different web listener for /metrics

The idea is:

Having a way to set the /metrics endpoint on a dedicated web listener. That way it would make possible to make n8n listen on a separate port, address or interface for security measures.

My use case:

n8n runs on a machine with two intercaes, one on my public reverse proxy network and one on my admin network. I wish that the /metrics would be reachable only from my admin network.

I think it would be beneficial to add this because:

security and flexibility

Are you willing to work on this?

Not a developper.

Hey @raspbeguy,

Right now the solution for this would be to configure a reverse proxy or firewall to restrict the URIs that can be accessed. But I do like the idea of maybe being able to set the network for some features of n8n.

This is what I do right now. But I find that not very elegant, and the protection of this endpoint is entirely dependant of the robustness of the reverse proxy (and on the eventual human error on its configuration) while having the possibility to physically separate the listener interface add way more peace of mind, especially because lots of other softwares exposing metrics are doing that.

We could talk about that all day :slight_smile:

If there is enough interest I am sure it will happen.