How to expose docker daemon metrics over HTTPS?

Docker daemon metrics can be enabled by setting dockerd options:

OPTIONS="--experimental --metrics-addr 127.0.0.1:9323"

The above can also be done by configuring /etc/docker/daemon.json. This would expose my metrics on localhost:9323 over HTTP. I can access my metrics through curl, for example:

curl http://localhost:9323/metrics

However, I want to expose my docker daemon metrics over HTTPS to be scraped using Prometheus. Is there a way to do this?

I tried enabling TLS verification by setting the following flags: --tls-verify, --tlscert, --tlskey and --tlscacert, but this does not affect the metrics endpoint.

Posted my question on SO as well.

Hi

I think the only way is to start a proxy container that offloads SSL to the Docker endpoint.

Thanks for the suggestion. This is what I ended up doing.
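
The proxy suggested in the reply above can be a small Go program like the following, added here as an illustration and not taken from the thread: it terminates TLS, requires a client certificate from the scraper, and forwards only `GET /metrics` to the daemon's loopback listener. The certificate file names, port 9324 and the mutual-TLS requirement are assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
)

// metricsProxy forwards only GET /metrics to the daemon's plain-HTTP listener.
func metricsProxy(backend string) (http.Handler, error) {
	target, err := url.Parse(backend)
	if err != nil {
		return nil, err
	}
	rp := httputil.NewSingleHostReverseProxy(target)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet || r.URL.Path != "/metrics" {
			http.NotFound(w, r) // nothing else on the backend is reachable
			return
		}
		rp.ServeHTTP(w, r)
	}), nil
}

// serverTLS requires TLS 1.2+ and a client certificate issued by the CA in caPEM.
func serverTLS(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}, nil
}

func main() {
	ca, err := os.ReadFile("ca.pem") // file names and port 9324 are assumptions
	cfg, err1 := serverTLS(ca)
	h, err2 := metricsProxy("http://127.0.0.1:9323")
	if err := errors.Join(err, err1, err2); err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{Addr: ":9324", Handler: h, TLSConfig: cfg}
	log.Fatal(srv.ListenAndServeTLS("proxy.pem", "proxy-key.pem"))
}
```

Prometheus then scrapes port 9324 with `scheme: https` and a `tls_config` block carrying its client certificate, while dockerd keeps listening on 127.0.0.1 only.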