Configure HTTP

HTTP exposes a variety of settings you can adjust within individual receivers or exporters of the Collector.

Configure HTTP clients

To configure HTTP clients in exporters use these settings:

Note: Client configuration supports TLS. For more information, see Configure TLS.

  • endpoint. Address and port for this connection

  • tls. See Configure TLS

  • headers. Name-value pairs added to the HTTP request headers

    • Certain headers such as Content-Length and Connection are automatically written when needed.

    • The Host header is automatically derived from the endpoint value. However, this automatic assignment can be overridden by explicitly setting the Host field in the headers field.

    • If the Host header is provided then it overrides Host field in Request. For more information see Go’s Request .

  • read_buffer_size

  • timeout

  • write_buffer_size

  • compression. Compression type to use

    • Compression type valid values are deflate, gzip, snappy, zlib, zstd, and none.

    • If compression is set to none, all data is treated as uncompressed, and any other inputs cause an error.

  • max_idle_conns

  • max_idle_conns_per_host

  • max_conns_per_host

  • idle_conn_timeout

  • auth. See Configure authentication

  • disable_keep_alives

  • http2_read_idle_timeout

  • http2_ping_timeout

  • cookies

    • [enabled]. If enabled, the client stores cookies from server responses and reuse them in subsequent requests.

    • For more information see Go’s CookieJar type documentation.

For example:

exporter:
  otlphttp:
    endpoint: otelcol2:55690
    auth:
      authenticator: some-authenticator-extension
    tls:
      ca_file: ca.pem
      cert_file: cert.pem
      key_file: key.pem
    headers:
      test1: "value1"
      "test 2": "value 2"
    compression: zstd
    cookies:
      enabled: true

Configure HTTP servers

To configure HTTP servers in collector receivers use these settings:

  • cors. Configure CORS to allow the receiver to accept traces from web browsers, even if the receiver is hosted at a different origin

    • If left blank or set to null, CORS is not enabled.

    • See the list of CORS parameters .

      • allowed_origins. List of origins allowed to send requests to the receiver. An origin may contain a wildcard * to replace 0 or more characters. To allow any origin, set ["*"]. If no origins are listed, CORS will not be enabled.

      • allowed_headers. Allow CORS requests to include headers outside the default safelist . By default, safelist headers and X-Requested-With are allowed. To allow any request header, set to ["*"].

      • max_age. Sets the value of the Access-Control-Max-Age header, allowing clients to cache the response to CORS preflight requests. If not set, browsers use a default of 5 seconds. See more at Access-Control-Max-Age .

  • endpoint

  • max_request_body_size. 20971520 (20MiB) by default. Configures the maximum allowed body size in bytes for a single request

  • compression_algorithms

  • tls. See Configure TLS

  • auth. See Configure authentication

    • request_params. List of query parameter names to add to the auth context, along with the HTTP headers.

Note: You can enable the Attributes processor to append any http header using a custom key. You also need to enable "include_metadata".

For example:

receivers:
  otlp:
    protocols:
      http:
        include_metadata: true
        auth:
          request_params:
          - token
          authenticator: some-authenticator-extension
        cors:
          allowed_origins:
            - https://foo.bar.com
            - https://*.test.com
          allowed_headers:
            - Example-Header
          max_age: 7200
        endpoint: 0.0.0.0:55690
        compression_algorithms: ["", "gzip"]

processors:
  attributes:
    actions:
      - key: http.client_ip
        from_context: X-Forwarded-For
        action: upsert

Learn more

For more details on the available settings refer to HTTP Configuration Settings in OTel’s GitHub repo.