Update README with deployment models (#64)

letsencrypt · Nov 14, 2023 · 1de6c94 · 1de6c94
1 parent ed23770
commit 1de6c94
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ names and labels by using a set of regular expressions.
 
 # Prerequisites
 
-Go 1.16 or above is required.
+Go 1.20 or above is required.
 
 # Installation
 
@@ -29,18 +29,33 @@ go mod tidy
 
 - - - -
 
-# Usage
+# Usage - Unix socket
 
-To show all CLI flags available
+The simplest way to run unbound_exporter is on the same machine as your Unbound instance, connecting via a Unix socket. First, make sure you have this in your unbound.conf:
 
-    $ unbound_exporter -h
+    remote-control:
+      control-enable: yes
+      control-interface: /run/unbound.ctl
 
-Scrape metrics from the exporter
+Then, arrange to run this on the same machine:
+
+    unbound_exporter -unbound.ca "" -unbound.cert "" -unbound.host "unix:///run/unbound.ctl"
+
+Metrics will be exported under /metrics, on port 9167, on all interfaces.
 
     $ curl 127.0.0.1:9167/metrics | grep '^unbound_up'
     unbound_up 1
 
+# Usage - TLS
+
+The more complicated way to run unbound_exporter is to configure unbound's control-interface with a TLS certificate from a private CA, and run unbound_exporter on a separate host. This is more of a hassle because you have to keep the certificate up to date and distribute the private CA to the host that unbound_exporter runs on.
+
+See https://unbound.docs.nlnetlabs.nl/en/latest/getting-started/configuration.html#set-up-remote-control for instructions on setting up the certificates and keys for remote-control via TLS. On the unbound_exporter side you will need to set the `-unbound.ca`, `-unbound.cert`, and `-unbound.key` flags to point to valid files that will trust the Unbound server's certificate and be trusted by Unbound in return.
+
+# Extended statistics
+
 From the Unbound [statistics doc](https://www.nlnetlabs.nl/documentation/unbound/howto-statistics/): Unbound has an option to enable extended statistics collection. If enabled, more statistics are collected, for example what types of queries are sent to the resolver. Otherwise, only the total number of queries is collected. Add the following to your `unbound.conf`.
 
     server:
 	    extended-statistics: yes
+