I am using Prometheus v3.0.1 in a docker container:
level=INFO source=main.go:689 msg="Starting Prometheus Server" mode=server version="(version=3.0.1, branch=HEAD, revision=1f56e8492c31a558ccea833027db4bd7f8b6d0e9)"
I have my own PKI infrastructure running on my machine. I use it to generate the root CA and the server certs that I use for my local servers. I use the same certs for Prometheus as well. All my server certs are signed by the root CA.
I disabled validation of the server certificate with insecure_skip_verify: true, but Prometheus still shows related errors continuously in the log:
prometheus.hello | time=2025-02-03T17:44:12.511Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:48990: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:17.518Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:49000: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:22.524Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:58582: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:27.532Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:58594: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:32.540Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:42734: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:37.548Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:42742: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:42.557Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:37172: remote error: tls: unknown certificate authority" component=web
prometheus.hello | time=2025-02-03T17:44:47.565Z level=ERROR source=server.go:3487 msg="http: TLS handshake error from 172.19.0.1:37188: remote error: tls: unknown certificate authority" compo
The IP that appears in the log (172.19.0.1) is the Docker bridge IP address.
This is my prometheus.yml file:
global:
  scrape_interval: 5s
  evaluation_interval: 5s
# collecting the URLs to monitor from the service-registry
scrape_configs:
  - job_name: "consul-service-discovery-job"
    metrics_path: /actuator/prometheus
    consul_sd_configs:
      - server: "consul.hello:8500"
        scheme: "http"
    relabel_configs:
      - source_labels: [__meta_consul_service_port] # exclude the consul node itself
        regex: "8300"
        action: drop
      - source_labels: [__scheme__] # spring-boot actuator endpoints use HTTPS
        regex: http
        target_label: __scheme__
        replacement: https
    tls_config:
      ca_file: /tmp/ca.crt
      cert_file: /tmp/prometheus.hello.crt
      key_file: /tmp/prometheus.hello.pem
      insecure_skip_verify: true
Why is Prometheus continuously trying to connect to the Docker network bridge, apparently using random ports? Is it possible to disable that somehow?
Everything works as I expect, but these endless log entries are so annoying.