+ polish
FKAJerry committed Mar 31, 2024
1 parent feffbe4 commit cceb94b
Showing 2 changed files with 40 additions and 20 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -6,6 +6,6 @@ RUN make build
# RUN make insight-linux

FROM alpine:3.15
COPY --from=build /app/etcd-metrics-proxy /
COPY --from=builder /build/etcd-metrics-proxy /
ENTRYPOINT [ "/etcd-metrics-proxy" ]
EXPOSE 2381 2381
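Review bot: The runtime stage shown here (`FROM alpine:3.15` through `EXPOSE`) sets no `USER`, so `/etcd-metrics-proxy` runs as root inside the container. If the mounted etcd CA, client certificate and key can be made readable by a dedicated account, add a `USER` line with a non-root UID before `ENTRYPOINT`; the UID is a deployment choice. `alpine:3.15` is also an older release branch referenced by a mutable tag, so confirm it still receives security fixes and consider pinning the image by digest. `EXPOSE 2381 2381` lists the same port twice, and one entry is enough.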
58 changes: 39 additions & 19 deletions metrics_proxy.go
Expand Up @@ -5,11 +5,11 @@ import (
"crypto/x509"
"flag"
"fmt"
"io/ioutil"
"log"
"net/http"
"net/http/httputil"
"net/url"
"os"
)

type config struct {
Expand Down Expand Up @@ -50,31 +50,48 @@ func main() {
flag.Parse()
validateFlags(&c)

proxy := httputil.NewSingleHostReverseProxy(&url.URL{
Scheme: "https",
Host: fmt.Sprintf("%s:%d", c.upstreamHost, c.upstreamPort),
})
var tryHttp bool

pool := x509.NewCertPool()
capem, err := ioutil.ReadFile(c.etcdCA)
capem, err := os.ReadFile(c.etcdCA)
if err != nil {
log.Fatal(err)
}
if !pool.AppendCertsFromPEM(capem) {
log.Fatal("error: failed to add ca to cert pool")
log.Println(err)
tryHttp = true
}

cert, err := tls.LoadX509KeyPair(c.etcdCert, c.etcdKey)
if err != nil {
log.Fatal(err)
var scheme string
var host string
if tryHttp {
scheme = "http"
host = fmt.Sprintf("%s:%d", c.upstreamHost, c.port)
} else {
scheme = "https"
host = fmt.Sprintf("%s:%d", c.upstreamHost, c.upstreamPort)
}

proxy.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: pool,
Certificates: []tls.Certificate{cert},
ServerName: c.upstreamServerName,
},
log.Printf("will proxy: %s://%s", scheme, host)
proxy := httputil.NewSingleHostReverseProxy(&url.URL{
Scheme: scheme,
Host: host,
})

if !tryHttp {
if !pool.AppendCertsFromPEM(capem) {
log.Fatal("error: failed to add ca to cert pool")
}

cert, err := tls.LoadX509KeyPair(c.etcdCert, c.etcdKey)
if err != nil {
log.Fatal(err)
}

proxy.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: pool,
Certificates: []tls.Certificate{cert},
ServerName: c.upstreamServerName,
},
}
}

director := proxy.Director
Expand All @@ -85,6 +102,9 @@ func main() {

server := http.NewServeMux()
server.Handle("/metrics", proxy)
server.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "ok")
})

addr := fmt.Sprintf(":%d", c.port)
log.Printf("server: listening on %s\n", addr)
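Review bot: A failed read of `c.etcdCA` now appears to set `tryHttp = true` instead of exiting, so a wrong path or a permissions error on the CA file silently downgrades the upstream connection to `http://` with no server verification and no client certificate. This should fail closed: keep `log.Fatal(err)` on the read error and take the plaintext branch only when the operator asks for it through an explicit opt-in setting, for example a boolean flag whose name is yet to be chosen. The HTTP branch also builds its target from `c.port`, the same value used for the listen address at the end of the hunk, so if `c.upstreamHost` resolves to this host the proxy would forward `/metrics` to its own listener; confirm whether `c.upstreamPort` was intended there. The body of `main` starts and ends outside the lines shown.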