| @@ -12,25 +12,26 @@ import ( | |||
| // ClientConfig represents the standard client TLS config. | |||
| type ClientConfig struct { | |||
| TLSCA string | |||
| TLSCert string | |||
| TLSKey string | |||
| TLSKeyPwd string | |||
| InsecureSkipVerify bool | |||
| ServerName string | |||
| TLSMinVersion string | |||
| TLSCA string `toml:"tls_ca"` | |||
| TLSCert string `toml:"tls_cert"` | |||
| TLSKey string `toml:"tls_key"` | |||
| TLSKeyPwd string `toml:"tls_key_pwd"` | |||
| InsecureSkipVerify bool `toml:"insecure_skip_verify"` | |||
| ServerName string `toml:"tls_server_name"` | |||
| TLSMinVersion string `toml:"tls_min_version"` | |||
| TLSMaxVersion string `toml:"tls_max_version"` | |||
| } | |||
| // ServerConfig represents the standard server TLS config. | |||
| type ServerConfig struct { | |||
| TLSCert string | |||
| TLSKey string | |||
| TLSKeyPwd string | |||
| TLSAllowedCACerts []string | |||
| TLSCipherSuites []string | |||
| TLSMinVersion string | |||
| TLSMaxVersion string | |||
| TLSAllowedDNSNames []string | |||
| TLSCert string `toml:"tls_cert"` | |||
| TLSKey string `toml:"tls_key"` | |||
| TLSKeyPwd string `toml:"tls_key_pwd"` | |||
| TLSAllowedCACerts []string `toml:"tls_allowed_cacerts"` | |||
| TLSCipherSuites []string `toml:"tls_cipher_suites"` | |||
| TLSMinVersion string `toml:"tls_min_version"` | |||
| TLSMaxVersion string `toml:"tls_max_version"` | |||
| TLSAllowedDNSNames []string `toml:"tls_allowed_dns_names"` | |||
| } | |||
| // TLSConfig returns a tls.Config, may be nil without error if TLS is not | |||
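Review bot: The newly tagged fields carry no doc comments, so an operator reading the config has to guess what `insecure_skip_verify` and the new `tls_max_version` key control, and InsecureSkipVerify in particular deserves one line stating its effect. I would add `// InsecureSkipVerify disables verification of the server's certificate chain and host name; the connection is still encrypted but the peer is not authenticated.` above that field and `// TLSMaxVersion caps the negotiated protocol version ("1.0" to "1.3"); empty leaves the crypto/tls default.` above TLSMaxVersion. The accepted values are inferred from the TLSConfig hunk below, so the comment should be worded to match whatever that parser finally accepts.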
| @@ -70,6 +71,16 @@ func (c *ClientConfig) TLSConfig() (*tls.Config, error) { | |||
| tlsConfig.MinVersion = tls.VersionTLS13 | |||
| } | |||
| if c.TLSMaxVersion == "1.0" { | |||
| tlsConfig.MaxVersion = tls.VersionTLS10 | |||
| } else if c.TLSMaxVersion == "1.1" { | |||
| tlsConfig.MaxVersion = tls.VersionTLS11 | |||
| } else if c.TLSMaxVersion == "1.2" { | |||
| tlsConfig.MaxVersion = tls.VersionTLS12 | |||
| } else if c.TLSMaxVersion == "1.3" { | |||
| tlsConfig.MaxVersion = tls.VersionTLS13 | |||
| } | |||
| return tlsConfig, nil | |||
| } | |||
| @@ -14,6 +14,7 @@ import ( | |||
| "github.com/didi/nightingale/v5/src/pkg/logx" | |||
| "github.com/didi/nightingale/v5/src/pkg/oidcc" | |||
| "github.com/didi/nightingale/v5/src/pkg/ormx" | |||
| "github.com/didi/nightingale/v5/src/pkg/tls" | |||
| "github.com/didi/nightingale/v5/src/storage" | |||
| ) | |||
| @@ -112,6 +113,9 @@ type ClusterOptions struct { | |||
| DialTimeout int64 | |||
| KeepAlive int64 | |||
| UseTLS bool | |||
| tls.ClientConfig | |||
| MaxIdleConnsPerHost int | |||
| } | |||
| @@ -65,6 +65,9 @@ func initClustersFromConfig() error { | |||
| for i := 0; i < len(opts); i++ { | |||
| cluster := newClusterByOption(opts[i]) | |||
| if cluster == nil { | |||
| continue | |||
| } | |||
| Clusters.Put(opts[i].Name, cluster) | |||
| } | |||
| @@ -165,7 +168,17 @@ func loadClustersFromAPI() { | |||
| MaxIdleConnsPerHost: 32, | |||
| } | |||
| Clusters.Put(item.Name, newClusterByOption(opt)) | |||
| if strings.HasPrefix(opt.Prom, "https") { | |||
| opt.UseTLS = true | |||
| opt.InsecureSkipVerify = true | |||
| } | |||
| cluster := newClusterByOption(opt) | |||
| if cluster == nil { | |||
| continue | |||
| } | |||
| Clusters.Put(item.Name, cluster) | |||
| continue | |||
| } | |||
| } | |||
| @@ -173,7 +186,6 @@ func loadClustersFromAPI() { | |||
| func newClusterByOption(opt config.ClusterOptions) *ClusterType { | |||
| transport := &http.Transport{ | |||
| // TLSClientConfig: tlsConfig, | |||
| Proxy: http.ProxyFromEnvironment, | |||
| DialContext: (&net.Dialer{ | |||
| Timeout: time.Duration(opt.DialTimeout) * time.Millisecond, | |||
| @@ -182,6 +194,15 @@ func newClusterByOption(opt config.ClusterOptions) *ClusterType { | |||
| MaxIdleConnsPerHost: opt.MaxIdleConnsPerHost, | |||
| } | |||
| if opt.UseTLS { | |||
| tlsConfig, err := opt.TLSConfig() | |||
| if err != nil { | |||
| logger.Errorf("new cluster %s fail: %v", opt.Name, err) | |||
| return nil | |||
| } | |||
| transport.TLSClientConfig = tlsConfig | |||
| } | |||
| cli, err := api.NewClient(api.Config{ | |||
| Address: opt.Prom, | |||
| RoundTripper: transport, | |||
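Review bot: The new block installs the custom TLS config only when UseTLS is set, but nothing records that an https opt.Prom with UseTLS false still negotiates TLS through the transport's default settings (nil TLSClientConfig), so a maintainer reading the flag may assume https requires it. I would add `// UseTLS only installs the custom tls.ClientConfig; an https address without it still uses the transport's default, verifying TLS settings.` above the if. TLSConfig is documented in the tls package hunk as possibly returning nil without error, in which case the assignment is a harmless no-op, which is worth a word in the same comment. newClusterByOption starts and ends outside this hunk.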
| @@ -189,6 +210,7 @@ func newClusterByOption(opt config.ClusterOptions) *ClusterType { | |||
| if err != nil { | |||
| logger.Errorf("new client fail: %v", err) | |||
| return nil | |||
| } | |||
| cluster := &ClusterType{ | |||