Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add HTTP tls (issue #393) #401

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions fixtures/https/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# Commands to generate certificates:

Commands are based on the following tutorial: https://medium.com/@harsha.senarath/how-to-implement-tls-ft-golang-40b380aae288

## Self-Signed CA:
openssl req -new -newkey rsa:2048 -keyout ca.key -x509 -sha256 -days 999999 -out ca.crt
## Server Certificated based on self-Signed CA:
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -config server.cnf
openssl req -noout -text -in server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 999999 -sha256 -extfile server.cnf -extensions v3_ext
21 changes: 21 additions & 0 deletions fixtures/https/ca.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIUXbr84IapD9BcjAlk7+uBVNYUzaswDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDEyMjMxODE5MThaGA80NzYy
MTExOTE4MTkxOFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBANs1MyJYB2duAXKBCHTEBXAbv3ZbbsRW7TZKnvdG
L8NaSqPxbhxkjwI1hBx+eL9N/ExqSlKcWRYNeFZQ+U6VllylOBsS75W86QceENJr
qWhtUmgagwWqvRPifbIV9+oMOl1ybupa2/oMxzi4DUIByuR+F8BIcIGNrj+CYkJo
w2MZXsbGunprJdtaexIbAjiwCQHjIasVuWxs5QSx5VGG0IL3DqcwuoLa5QCrbXV2
iennB8huBDoI5fgX+9AkRR4U0oH6nRra+2FWUoRFCkjRQpyjhorWnAcIvSBeIDca
T/hKLURj9Zi7l0HG3bk5wwS8GFe6XyzJYUrMfWJNFvwN8DMCAwEAAaNTMFEwHQYD
VR0OBBYEFIu9pE86XVeeerUGAxWIbLgjx+iiMB8GA1UdIwQYMBaAFIu9pE86XVee
erUGAxWIbLgjx+iiMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
ABA0/74WYakLnzK05EfKExNcvtaOmJZ5UMsqDk1PMmQTktwOUbrIGS9gbPqhtd/8
DfZvO7TinKbWzSKTCtUQb2koDZebZe1/VC6tetkVz7o/44N2j70z53IFJoaDFoJK
Db3QB/fuEfvRuCtrB7KzvZx4INyIX4/hEo6MQrBQEI4UFGm/g8QvVyFAolswFy+O
0R+mNcXUdf11IAqsqHqcxb0mAFtfYMQZTK9ES3xg882TLKOBUp9ekm3Z6403fWuO
Pa7fv6yJj9A+739dpWVWOt1RXMJ1CG3SADpDh0kZ8abpL4uMGHD9KpJgimgCacEr
TlEoCrm2fGJxt58bJEnFVlY=
-----END CERTIFICATE-----
30 changes: 30 additions & 0 deletions fixtures/https/ca.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQ+1ePek6y4XvHR0q2
9aShnQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIi7OsVGP/rEYEggTI
8SzcBZ/JpHdQ8zxk2m9hsD+YIXxHcbaV6Bht0GPPCFaEi0iTO/k/ukeQMCYOBcDQ
B6ggt/q0bErjSKUdNu0v8lePo4HpOPriDnlXiIJhtelQ3OiOHf7uBcWq5sKj2nXb
BOQHazLT6Q0fFlwO1P1TTVNCFJNe/dZbVLJW81zW+yqTJGKOV3hAL4Jg5l0d5W6c
WbfU5YB74ew3Kd3cx8nWEHinZJI1DG3AFL6I1Cl/bX2+UeGA+I1XaK4sfcDiFxsF
1XtduTYz8ZHc/78IVL1oWlEJ/ucGltr/cBEaNLemKhWP4onVj/lNIviAXMqXGN4b
C6ZW7Xpg9AjXeqlJUHHh+oU1AIZuMxk2V4ztxGav7yK3NIOk5JRk8TqAqSuySdtB
lOeh9NUFUMHTY2DKrbbPuP7wYxY3dUKjN1AjeumH7sCQ2mrjpuRhQAxz6BjLGvs/
+4DbrxPjt5BC2cIMpYk9zZ649ojWUFkXUopESGwtjR1UkiFiK/q3sLLUnjuvcrKk
oXAxsvyZSX7mjs58IH+aa/LwXagoyIrTWUT+xxK21l6PlC+Pk0PXDfK2zGGmSXj+
tDueElFIRfizQhh4Mw1y0uq3NyiRnX8VroMyCC9A/5y+OcXn+A72VsnkEXRePzO8
MliKsNoBBFWV3qFXwtCvWkAyn8TKzQ8mivwqICISSKJe+HclNGKGI/CeORWFDAK8
3Oooe0OuuOOMMVbIDxr4cOMTCnHoAcyPU9FkmIy7/0KcUnplDGWnbUgjHskxD/mp
vRcmP9x7RzSZvQqRH51SBEWdieZT9jJUTe7U4W4/OLIHa8ZKhrqhDcsRfB4M8yEp
tlntEqpKE9ZBYSRTaCuwwA3v+TJ7kTGffB/TjFOy6kR84RIbQGKvWjy7ebjVDlJ2
nAdNVFqoQiS7sKEYv0KNLUo+k5YoW1FAvSHhRkcspmRzX2GLuff5FeOuL/8N2LYi
fnmqJ2wQt2jW/H8eOBs1M6kz/ZpM5nyGduysfP2jJ7X9/2HLKoJ1DXDFBz3K1xGT
ZtXDKNaZDhe3Gh0njl5BqGACppxjUL3b0XwP3Mvhlaue7o02erIpw0e7SaoTbhzx
s+6m98+vNDaN3YrBTOhV+XFEBUl3twsSAvFPJZW4YRyqfQWBKIAjKQR1h9LZJ+i6
DNwNpsBbpoPoXUQP6eqUHA7ws/LqqV6WsTyxsJzOyvF8efJAVDHbkkivgEbyXlci
KO4XdAJl+eTUbWmqPRFIy6ZwmL55NLPXoqT4Q06/9XLWrQNzUJxdUoUGYK2qPav7
idDoxtfwSq6mRfw5zL4jflJg8W/5zfomYe8CMoOxxPj/I2aDauKXJPQuu/pbB/u5
kyZxBoMA6HnZNDVAmFMqjNd13OQ/sfDIiE8k1Sqw0Y6sMtdqZ9EwFw+boHj+6uPk
hSeCPJNNelZk0JGtQ6PlLwbBA+A/mxrXmrj43cLVvot+vM3xcpX+clhkX3J3VxKj
c9lse3SExf2QQTbGrZZJPuqvZGL36BFSD4t6EaPXM75qRQoyQmwv55mBZ6a6Di9W
3gTxKxTEZz3m8fM8h2O6bGJGA16WHrKG6t4FHOYf70PJBfg9fSbGiF4Cc2TRdPNK
1N4DPw3W2EHs86laJGnU+4GjmeQ6V+Zc
-----END ENCRYPTED PRIVATE KEY-----
1 change: 1 addition & 0 deletions fixtures/https/ca.srl
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
2C273E731551583E584EBBE1169E9AC2D6CC0925
12 changes: 12 additions & 0 deletions fixtures/https/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
logstash:
instances:
- url: "http://localhost:9234"
timeout: 3s
server:
host: "127.0.0.1"
port: 9183
keyFile: "../../fixtures/https/server.key"
certFile: "../../fixtures/https/server.crt"
enableSSL: true
logging:
level: "info"
13 changes: 13 additions & 0 deletions fixtures/https/server.cnf
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
[req]
default_md = sha256
prompt = no
req_extensions = v3_ext
distinguished_name = req_distinguished_name

[req_distinguished_name]
CN = localhost

[v3_ext]
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = critical,serverAuth,clientAuth
subjectAltName = DNS:localhost
21 changes: 21 additions & 0 deletions fixtures/https/server.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIULCc+cxVRWD5YTrvhFp6awtbMCSUwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDEyMjMxODE5NDVaGA80NzYy
MTExOTE4MTk0NVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtJ7YvkTJZNmqYV085yQLiwuJ7AwrEy0UDI054TDE
FXIixKkcvAyG7utDVfZaH1NgLw2dmpITRtpJg/u7k7uVkcZfMhRWjvnIYatfbmYK
jM+gXyL7QbOzT9AmjFBlHTnDefb+0JorIaVSvx70d/mZHCyU87Mb9+ZnHUSrob8H
pzcUd+8MRieV4itlverQQyZjMjyEcuHZp6J84L+ouIJPQENziCmy8pCwm5KZt5Fp
9JFKSvwB3eb+MOMPzaYv+dtsq4tt/QHFddzPbAk/jFbyrhuREylIxYFGtiZoMH1w
uaFTZdtRCXrNH2YU/jYk8EgIgzF2cMwZljYzEH2GUi5cWQIDAQABo4GLMIGIMA4G
A1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBR3a77IlMBkppor02nxQtPx
XJav+jAfBgNVHSMEGDAWgBSLvaRPOl1Xnnq1BgMViGy4I8foojANBgkqhkiG9w0B
AQsFAAOCAQEAtkEfRulyg5VLwddTI1anwD2SWkWxK/RLVuZQ90L8XBa2AtZQvm7e
705jCK9q5IjbrNoqdxnRvaxLza8KpCCDB76UtI8TBOTWpRSb6TFdBZ+cvM7F11Nx
Qw0HE68gAu0B8tpkRjSsjbOOHsqKhCdmICHU6W247PlwOBJuL07QoyKLHK5KwF9v
M+WAiXLMcGhJRn+nTLRBeI3oBxo1Ok8EuTTgdNvezLxWevheZ/YKiiIwomrRfS4Y
jmZHfembTJPvGS6sC21FmrpU4r0pNo4nxIC+VpaOrb90wh3YjaXUvINXDOyCcyIg
ENmbyxvW+DhygZ1pvaJk/FIIXNu0h2gRIg==
-----END CERTIFICATE-----
17 changes: 17 additions & 0 deletions fixtures/https/server.csr
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICsjCCAZoCAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtJ7YvkTJZNmqYV085yQLiwuJ7AwrEy0UDI054TDE
FXIixKkcvAyG7utDVfZaH1NgLw2dmpITRtpJg/u7k7uVkcZfMhRWjvnIYatfbmYK
jM+gXyL7QbOzT9AmjFBlHTnDefb+0JorIaVSvx70d/mZHCyU87Mb9+ZnHUSrob8H
pzcUd+8MRieV4itlverQQyZjMjyEcuHZp6J84L+ouIJPQENziCmy8pCwm5KZt5Fp
9JFKSvwB3eb+MOMPzaYv+dtsq4tt/QHFddzPbAk/jFbyrhuREylIxYFGtiZoMH1w
uaFTZdtRCXrNH2YU/jYk8EgIgzF2cMwZljYzEH2GUi5cWQIDAQABoFkwVwYJKoZI
hvcNAQkOMUowSDAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsF
AAOCAQEAq3kIDFc9G+UVl3vfzaKMn9c95ClSYV9OIcnXoO1Mm/engyOHbgkSUYkI
qS3VDk+DnOtU4c1BxIlcyDTzKnVRnHr/0U7YpHO4OU7VzX3tWqmAn9mseUUoUvXL
94i4Y0JQ4880g39oZwdeQ9mPrLLwrysXHA0qbcVagPAUkRgOVu6dUzccKHPCLVy9
xivjoccUSJi7fYlmqc/ssEW/HwUl9iGcpG2UnH6YE8W5rZa6VO9NAX7vnZXjef1s
Q+JonAOGDdY/E6v859/GaGbYcPe5McKdZgNeK0zEPxrNNp02yT/6YyNHfSnitNKK
jqttrR+nmgpIBn21SdYai+tR5HDycQ==
-----END CERTIFICATE REQUEST-----
28 changes: 28 additions & 0 deletions fixtures/https/server.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0nti+RMlk2aph
XTznJAuLC4nsDCsTLRQMjTnhMMQVciLEqRy8DIbu60NV9lofU2AvDZ2akhNG2kmD
+7uTu5WRxl8yFFaO+chhq19uZgqMz6BfIvtBs7NP0CaMUGUdOcN59v7QmishpVK/
HvR3+ZkcLJTzsxv35mcdRKuhvwenNxR37wxGJ5XiK2W96tBDJmMyPIRy4dmnonzg
v6i4gk9AQ3OIKbLykLCbkpm3kWn0kUpK/AHd5v4w4w/Npi/522yri239AcV13M9s
CT+MVvKuG5ETKUjFgUa2JmgwfXC5oVNl21EJes0fZhT+NiTwSAiDMXZwzBmWNjMQ
fYZSLlxZAgMBAAECggEADDMm/2oIwt63ZQptzsx22aJSw256edn7ftIKsOjQ88Rg
8BDeo56CfjCGnK+uPGuupVr5dFttwSVFHiyyiarb0kv4edrZEmDxfZRcVqn+iC6N
feOQXkqXn9pWwjc7by8LwqkR4s/o/iWrKkTaXSCvLHGf8Xp9dv/5YscUwzDyoMMI
55KWUhZmjOEKrpy/DV9xsw1xZcfvQKf45QKeU36rkgMehQP0TAlynGn6FcdmiZqR
MxWn8inO9zrJA8rdnnycZ02CcZEmpk2wmAEol3lT4ghRzGHKKQWCYOcFif998kXh
oUhZt6yiuaqDhFPHDRE+G1uiYwu1EzBZkr+w65y3gQKBgQDnEOQPY6duZ+t7wUhX
Loc8VaBKpdjkdvBIowHuHykrWSIT3z1uCMUjhK8SzI2/zi/6lZkFtgsa/ZM7lMlJ
Q3gHujIlXkaEbN71gPF/qQiQXu0AFkYvAOjEtcPNSz2e+XNzxQIsK1irhCTKbEFx
nlMV7M/bxEqpsOP16aPx1tN72QKBgQDIHGspQrhUdF3/XHzm0vfgTMJ8BRkmFPIM
KioOtXvOgsJpcoTkH/oGYqLe/QefTmLxKLvDKmVjx7kKObGkEAHS5o2+nx3JekO9
YatuoGCwWNeyviYePTkkQQDsVgqUwkdAvX9whlpg6jfGS9FUMD7ccktwv/I1oQL+
el2UJXAUgQKBgQDAHRoQ9YEq2Xo/nbcgzU2hS2wHRJbtdTpYmjcrnXrkUKp1rUFs
8BvAaTwKvEoKtErN5H2i8vWOzlAQ1Kb6o/7zJcs1qImm5sIFity/kHHPXy1byik2
QWJG0v1l/e3Q9IQaOC2TPcLub+MK7jEHX2SjMQ6tISoWpj0So9wsYbnaGQKBgFcK
VWo7BSZm/0PFnOZhuUOs36NGLGwuDCJSbLy9H77xjVKEZ106s2v3l1Raxuf6FntC
9nirhjJiexABjE0KUWDEu77AQxqRvckwJHsX8zaBTkEHCFl609H7HEWwHyYZYxi7
1CTDq6gf+GaeL8zot073v+yo8Nd203CRFQcNSbUBAoGAEgoKlnI+SDDp1mVLQKpM
tHuw5BvbbwwIM+LaE+s+aRlofz9Fsu3vfqh1GAxEMcuY4Rr7eFWj7U92LhGlTlWK
RIGZ/rwhQY8QAiWh8XUeKCYBQi0wi1urCzfvlGv5mSyNU6IaGMj3Hwj9oKP72TN5
kiu9w25oO8yHrzN4x2afCZE=
-----END PRIVATE KEY-----
12 changes: 12 additions & 0 deletions fixtures/https_config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
logstash:
instances:
- url: "http://localhost:9234"
timeout: 3s
server:
host: "127.0.0.1"
port: 9183
keyFile: "./server.key"
certFile: "./server.crt"
enableSSL: true
logging:
level: "info"
2 changes: 1 addition & 1 deletion fixtures/valid_config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ logstash:
httpInsecure: true
server:
host: "127.0.0.1"
port: 9200
port: 9100
logging:
level: "debug"
9 changes: 8 additions & 1 deletion internal/startup_manager/startup_manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ var (
// AppServer defines the behavior of an application server
type AppServer interface {
ListenAndServe() error
ListenAndServeTLS(certFile, keyFile string) error
Shutdown(ctx context.Context) error
}

Expand Down Expand Up @@ -176,7 +177,13 @@ func (sm *StartupManager) startServer(cfg *config.Config) {

go func() {
slog.Info("starting server", "host", cfg.Server.Host, "port", cfg.Server.Port)
err := appServer.ListenAndServe()
var err error
if cfg.Server.EnableSSL {
err = appServer.ListenAndServeTLS(cfg.Server.CertFile, cfg.Server.KeyFile)
} else {
err = appServer.ListenAndServe()
}

sm.serverErrorChan <- err
}()
}
Expand Down
126 changes: 126 additions & 0 deletions internal/startup_manager/startup_manager_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
package startup_manager

import (
"context"
"crypto/tls"
"net"
"strconv"
"testing"
"time"

"os"
"crypto/x509"

"github.com/kuskoman/logstash-exporter/internal/flags"
)


func TestAppServer(t *testing.T) {
t.Parallel()

ctx := context.Background()
timeout := time.Second

t.Run("No TLS", func(t *testing.T) {
t.Parallel()

flagsConfig := &flags.FlagsConfig{ConfigLocation: "../../fixtures/valid_config.yml"}

sm, err := NewStartupManager(flagsConfig.ConfigLocation, flagsConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

_, err = sm.configManager.LoadAndCompareConfig(ctx)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

cfg := sm.configManager.GetCurrentConfig()
if cfg == nil {
t.Fatal("config is nil")
}

go func() {
sm.startServer(cfg)
}()

name := net.JoinHostPort("localhost", strconv.Itoa(cfg.Server.Port))
errs := make(chan error, 1)
go func() {
conn, err := net.DialTimeout("tcp", name, timeout)
errs <- err
if conn != nil {
defer conn.Close()
}
}()

err = <-errs
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

err = sm.shutdownServer(ctx)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
})

t.Run("TLS", func(t *testing.T) {
t.Parallel()

flagsConfig := &flags.FlagsConfig{ConfigLocation: "../../fixtures/https/config.yml"}

sm, err := NewStartupManager(flagsConfig.ConfigLocation, flagsConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

_, err = sm.configManager.LoadAndCompareConfig(ctx)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

cfg := sm.configManager.GetCurrentConfig()
if cfg == nil {
t.Fatal("config is nil")
}

go func() {
sm.startServer(cfg)
}()

cert, err := os.ReadFile("../../fixtures/https/ca.crt")
if err != nil {
t.Fatalf("Failed to read certificate file: %v", err)
}

caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(cert)

tlsConfig := &tls.Config{
RootCAs: caCertPool,
}

dialer := net.Dialer{Timeout: timeout}
name := net.JoinHostPort("localhost", strconv.Itoa(cfg.Server.Port))

errs := make(chan error, 1)
go func() {
conn, err := tls.DialWithDialer(&dialer, "tcp", name, tlsConfig)
errs <- err
if conn != nil {
defer conn.Close()
}
}()
err = <-errs
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

err = sm.shutdownServer(ctx)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
})
}
7 changes: 5 additions & 2 deletions pkg/config/exporter_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,11 @@ type ServerConfig struct {
// with the default windows firewall configuration.
// Alternatively you can change the firewall configuration to allow
// connections to the port from all interfaces.
Host string `yaml:"host"`
Port int `yaml:"port"`
Host string `yaml:"host"`
Port int `yaml:"port"`
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
EnableSSL bool `yaml:"enableSSL"`
}

// LoggingConfig represents the logging configuration
Expand Down
Loading