diff --git a/extension/awsproxy/README.md b/extension/awsproxy/README.md index dbe62a19dc87..103eef258750 100644 --- a/extension/awsproxy/README.md +++ b/extension/awsproxy/README.md @@ -41,7 +41,7 @@ The TCP address and port on which this proxy listens for requests. Default: `localhost:2000` -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:2000`. This feature gate will be removed in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. ### proxy_address (Optional) diff --git a/extension/healthcheckextension/README.md b/extension/healthcheckextension/README.md index 3986147fab09..615129115ef5 100644 --- a/extension/healthcheckextension/README.md +++ b/extension/healthcheckextension/README.md @@ -29,7 +29,7 @@ liveness and/or readiness probe on Kubernetes. The following settings are required: -- `endpoint` (default = localhost:13133): Address to publish the health check status. For full list of `ServerConfig` refer [here](https://github.com/open-telemetry/opentelemetry-collector/tree/main/config/confighttp). You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to 0.0.0.0:13133. This feature gate will be removed in a future release. +- `endpoint` (default = localhost:13133): Address to publish the health check status. For full list of `ServerConfig` refer [here](https://github.com/open-telemetry/opentelemetry-collector/tree/main/config/confighttp). See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. - `path` (default = "/"): Specifies the path to be configured for the health check server. - `response_body` (default = ""): Specifies a static body that overrides the default response returned by the health check service. diff --git a/extension/healthcheckv2extension/README.md b/extension/healthcheckv2extension/README.md index 2f8c440afb8b..86192094d093 100644 --- a/extension/healthcheckv2extension/README.md +++ b/extension/healthcheckv2extension/README.md @@ -35,7 +35,7 @@ liveness and/or readiness probe on Kubernetes. The following settings are required: -- `endpoint` (default = localhost:13133): Address to publish the health check status. For full list of `ServerConfig` refer [here](https://github.com/open-telemetry/opentelemetry-collector/tree/main/config/confighttp). You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to 0.0.0.0:13133. This feature gate will be removed in a future release. +- `endpoint` (default = localhost:13133): Address to publish the health check status. For full list of `ServerConfig` refer [here](https://github.com/open-telemetry/opentelemetry-collector/tree/main/config/confighttp). See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. - `path` (default = "/"): Specifies the path to be configured for the health check server. - `response_body` (default = ""): Specifies a static body that overrides the default response returned by the health check service. - `check_collector_pipeline:` (deprecated and ignored): Settings of collector pipeline health check diff --git a/extension/jaegerremotesampling/README.md b/extension/jaegerremotesampling/README.md index 73d35cfa2d1f..a152cef1ff89 100644 --- a/extension/jaegerremotesampling/README.md +++ b/extension/jaegerremotesampling/README.md @@ -17,7 +17,7 @@ By default, two listeners are made available: - `localhost:5778`, following the legacy remote sampling endpoint as defined by Jaeger - `localhost:14250`, following the gRPC remote sampling endpoint, also defined by Jaeger -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:5778` and `0.0.0.0:14250` respectively. This feature gate will be removed in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. Note that the port `14250` will clash with the Jaeger Receiver. When both are used, it's recommended to change this extension to use another port. diff --git a/processor/remotetapprocessor/README.md b/processor/remotetapprocessor/README.md index deac68c238c2..1ca1e295adc0 100644 --- a/processor/remotetapprocessor/README.md +++ b/processor/remotetapprocessor/README.md @@ -27,7 +27,7 @@ The Remote Tap processor has two configurable fields: `endpoint` and `limit`: - `endpoint`: The endpoint on which the WebSocket processor listens. Optional. Defaults to `localhost:12001`. - You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:12001`. This feature gate will be removed in a future release. + See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. - `limit`: The rate limit over the WebSocket in messages per second. Can be a float or an integer. Optional. Defaults to `1`. diff --git a/receiver/awsfirehosereceiver/README.md b/receiver/awsfirehosereceiver/README.md index 0d6d38793fe0..64c20f13d7a2 100644 --- a/receiver/awsfirehosereceiver/README.md +++ b/receiver/awsfirehosereceiver/README.md @@ -38,7 +38,7 @@ The address:port to bind the listener to. default: `localhost:4433` -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:4433`. This feature gate will be removed in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. ### tls: See [documentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/config/configtls/README.md#server-configuration) for more details. diff --git a/receiver/awsxrayreceiver/README.md b/receiver/awsxrayreceiver/README.md index 55174cb9c0f2..5163880970a0 100644 --- a/receiver/awsxrayreceiver/README.md +++ b/receiver/awsxrayreceiver/README.md @@ -45,8 +45,7 @@ The UDP address and port on which this receiver listens for X-Ray segment docume Default: `localhost:2000` -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:2000`. This feature gate will be removed in a future release. - +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. ### transport (Optional) This should always be "udp" as X-Ray SDKs only send segments using UDP. @@ -61,7 +60,7 @@ The TCP address and port on which this receiver listens for calls from the X-Ray Default: `0.0.0.0:2000` -The `component.UseLocalHostAsDefaultHost` feature gate changes this to localhost:2000. This will become the default in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. ### proxy_address (Optional) Defines the proxy address that the local TCP server forwards HTTP requests to AWS X-Ray backend through. If left unconfigured, requests will be sent directly. diff --git a/receiver/influxdbreceiver/README.md b/receiver/influxdbreceiver/README.md index 5afdc21fb9ef..6a2a3695d57f 100644 --- a/receiver/influxdbreceiver/README.md +++ b/receiver/influxdbreceiver/README.md @@ -27,7 +27,7 @@ Write responses: The following configuration options are supported: -* `endpoint` (default = localhost:8086) HTTP service endpoint for the line protocol receiver. You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:8086`. This feature gate will be removed in a future release. +* `endpoint` (default = localhost:8086) HTTP service endpoint for the line protocol receiver. See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. The full list of settings exposed for this receiver are documented in [config.go](config.go). diff --git a/receiver/jaegerreceiver/README.md b/receiver/jaegerreceiver/README.md index e01b8e454156..6039fefa5908 100644 --- a/receiver/jaegerreceiver/README.md +++ b/receiver/jaegerreceiver/README.md @@ -28,7 +28,7 @@ object configuration parameter. - `thrift_compact` (default `endpoint` = localhost:6831) - `thrift_http` (default `endpoint` = localhost:14268) -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change tgese endpoints to 0.0.0.0:14250, 0.0.0.0:6832, 0.0.0.0:6831 and 0.0.0.0:14268. This feature gate will be removed in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. Examples: diff --git a/receiver/lokireceiver/README.md b/receiver/lokireceiver/README.md index 1def93850cc2..7786ce40873d 100644 --- a/receiver/lokireceiver/README.md +++ b/receiver/lokireceiver/README.md @@ -21,7 +21,7 @@ This receiver runs HTTP and GRPC servers to ingest log entries in Loki format. The settings are: -- `endpoint` (required, default = localhost:3500 for HTTP protocol, localhost:3600 gRPC protocol): host:port to which the receiver is going to receive data. You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:3500` and `0.0.0.0:3600`. This feature gate will be removed in a future release. +- `endpoint` (required, default = localhost:3500 for HTTP protocol, localhost:3600 gRPC protocol): host:port to which the receiver is going to receive data. See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. - `use_incoming_timestamp` (optional, default = false) if set `true` the timestamp from Loki log entry is used Example: diff --git a/receiver/opencensusreceiver/README.md b/receiver/opencensusreceiver/README.md index be85a074ed6d..65aba34c54e5 100644 --- a/receiver/opencensusreceiver/README.md +++ b/receiver/opencensusreceiver/README.md @@ -31,7 +31,7 @@ The following settings are configurable: - `endpoint` (default = localhost:55678): host:port to which the receiver is going to receive data. The valid syntax is described at - https://github.com/grpc/grpc/blob/master/doc/naming.md. You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:55678`. This feature gate will be removed in a future release. + https://github.com/grpc/grpc/blob/master/doc/naming.md. See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. ## Advanced Configuration diff --git a/receiver/sapmreceiver/README.md b/receiver/sapmreceiver/README.md index 77cda3c06d88..e2fec058f597 100644 --- a/receiver/sapmreceiver/README.md +++ b/receiver/sapmreceiver/README.md @@ -25,7 +25,7 @@ The following settings are required: - `endpoint` (default = `localhost:7276`): Address and port that the SAPM receiver should bind to. - You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:7276`. This feature gate will be removed in a future release. + See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. The following setting are optional: diff --git a/receiver/signalfxreceiver/README.md b/receiver/signalfxreceiver/README.md index 11737ec84cd8..b2b5fd171240 100644 --- a/receiver/signalfxreceiver/README.md +++ b/receiver/signalfxreceiver/README.md @@ -28,7 +28,7 @@ The following settings are required: - `endpoint` (default = `localhost:9943`): Address and port that the SignalFx receiver should bind to. - You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:9943`. This feature gate will be removed in a future release. + See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. The following settings are optional: diff --git a/receiver/skywalkingreceiver/README.md b/receiver/skywalkingreceiver/README.md index 1302d4507e55..58225100734f 100644 --- a/receiver/skywalkingreceiver/README.md +++ b/receiver/skywalkingreceiver/README.md @@ -32,7 +32,7 @@ object configuration parameter. - `grpc` (default `endpoint` = localhost:11800) - `http` (default `endpoint` = localhost:12800) -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change these to `0.0.0.0:11800` and `0.0.0.0:12800`. This feature gate will be removed in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. Examples: diff --git a/receiver/splunkhecreceiver/README.md b/receiver/splunkhecreceiver/README.md index c58dbcad491f..1887c71ea022 100644 --- a/receiver/splunkhecreceiver/README.md +++ b/receiver/splunkhecreceiver/README.md @@ -28,7 +28,7 @@ The following settings are required: * `endpoint` (default = `localhost:8088`): Address and port that the Splunk HEC receiver should bind to. -You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:8088`. This feature gate will be removed in a future release. +See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. The following settings are optional: diff --git a/receiver/zipkinreceiver/README.md b/receiver/zipkinreceiver/README.md index cf13a6043fe4..0fc0939be843 100644 --- a/receiver/zipkinreceiver/README.md +++ b/receiver/zipkinreceiver/README.md @@ -28,7 +28,7 @@ receivers: The following settings are configurable: -- `endpoint` (default = localhost:9411): host:port on which the receiver is going to receive data.You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:9411`. This feature gate will be removed in a future release. For full list of `ServerConfig` refer [here](https://github.com/open-telemetry/opentelemetry-collector/tree/main/config/confighttp). +- `endpoint` (default = localhost:9411): host:port on which the receiver is going to receive data.See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. For full list of `ServerConfig` refer [here](https://github.com/open-telemetry/opentelemetry-collector/tree/main/config/confighttp). - `parse_string_tags` (default = false): if enabled, the receiver will attempt to parse string tags/binary annotations into int/bool/float. ## Advanced Configuration diff --git a/receiver/zookeeperreceiver/README.md b/receiver/zookeeperreceiver/README.md index eeb05b0b207a..3819dafea1cb 100644 --- a/receiver/zookeeperreceiver/README.md +++ b/receiver/zookeeperreceiver/README.md @@ -17,7 +17,7 @@ to be enabled for the receiver to be able to collect metrics. ## Configuration -- `endpoint`: (default = `localhost:2181`) Endpoint to connect to collect metrics. Takes the form `host:port`. You can temporarily disable the `component.UseLocalHostAsDefaultHost` feature gate to change this to `0.0.0.0:2181`. This feature gate will be removed in a future release. +- `endpoint`: (default = `localhost:2181`) Endpoint to connect to collect metrics. Takes the form `host:port`. See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments. - `timeout`: (default = `10s`) Timeout within which requests should be completed. - `initial_delay` (default = `1s`): defines how long this receiver waits before starting.