Added https support #9
Conversation
|
Thank you for contributing. Currently i expect that this proxy will be behind nginx, where you may configure balancing througn few proxy instance and add https support. Why you can't use nginx? Update of dockerfiles is not required because any cli parameter may be passed in compose file or in run command: JWT token is public information, there are no payload there, and it used just to sign expiration time. Is this really critical? Will review your code soon. |
|
Thank you! Yes you can certainly pass the docker parameters, just make sure the certificate is somehow provided (by copying to the container or by volume sharing). A description might be sufficient. For the HTTPS you can certainly place it behing the ngnix but for a simple use cases it is an overkill in my opinion. You can easily support the https with the current libraries without additional complexity. I personally always use https whenever possible. As a rule of thumb I do not want anyone to be able to intercept my communication, no matter what it is. |
main.go
Outdated
| if ( len(*tlsCert) > 0 && len(*tlsKey) > 0) { | ||
| // start https server | ||
| err := s.ListenAndServeTLS(*tlsCert, *tlsKey) | ||
| if err != nil { |
There was a problem hiding this comment.
err handle may be moved outside if
demo/statsdHttpsProxy.sh
Outdated
| @@ -0,0 +1,16 @@ | |||
| #!/bin/sh | |||
|
|
|||
| # This server start listening connections by HTTP and pass it to StatsD by UDP | |||
There was a problem hiding this comment.
copy-paste. it's preferred to use one script to start server in different modes. It may ask yser which wariant to start.
Also you specify certificate and key, but they not present.
You may pre-generate it and commit, or to add this files to .gitignore and generate them on first run.
This cli is not friendly
There was a problem hiding this comment.
Done, added cert and key generation, as well as ignored them in the .gitignore.
demo/index_https.html
Outdated
| </head> | ||
| <body> | ||
|
|
||
| You are running demo of StatsD HTTPS Proxy. Please, start <b>statsdHttpProxy.sh</b> for handling HTTP requests and |
There was a problem hiding this comment.
copy-paste. maybe better will be to use raddio buttons to select server. And script name statsdHttpProxy.sh is invalid in help message. But i think all server modes must be started from one bash
|
|
||
| ```javascript | ||
| $.ajax({ | ||
| url: 'https://127.0.0.1:433/count/some.key.name', |
There was a problem hiding this comment.
this samples differ only by url. Everyone know what it is https))
There was a problem hiding this comment.
removed, merged into the existing index.html
.gitignore
Outdated
|
|
||
| # ide files | ||
| .idea/** | ||
| /**/.idea/** |
There was a problem hiding this comment.
- add new line on end of file
- ide rules must be in your global gitignore in home dir
demo/index.html
Outdated
| <body> | ||
|
|
||
| You are running demo of StatsD HTTP Proxy. Please, start <b>statsdHttpProxy.sh</b> for handling HTTP requests and | ||
| You are running demo of StatsD HTTP(s) Proxy. Please, start <b>statsdHttp(s)Proxy.sh</b> for handling HTTP(s) requests and |
There was a problem hiding this comment.
now i can't just copy file from browser and place to console )
demo/statsdHttpsProxy.sh
Outdated
| --statsd-host=127.0.0.1 \ | ||
| --statsd-port=8125 \ | ||
| --jwt-secret=somesecret \ | ||
| --metric-prefix=prefix.subprefix No newline at end of file |
demo/statsdHttpsProxy.sh
Outdated
| # This server start listening connections by HTTPS and pass it to StatsD by UDP | ||
|
|
||
| # generate self-signed cert and key with default subject | ||
| #openssl req -x509 -nodes -days 358000 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/C=PL/ST=test/L=test/O=test/OU=test/CN=test" |
There was a problem hiding this comment.
you may cehck if file not found and generate in automatically
There was a problem hiding this comment.
Corrected. Generating the credentials only if they do not exist.
main.go
Outdated
| } | ||
|
|
||
| if err != nil { | ||
| log.Fatal(err) |
There was a problem hiding this comment.
i think there must be some tabs instead of spaces. run go fmt
main.go
Outdated
| BuildDate, | ||
| ) | ||
| } | ||
| } |
README.md
Outdated
| --verbose \ | ||
| --http-host=127.0.0.1 \ | ||
| --http-port=433 \ | ||
| --tls-cert=cert.pem \ |
There was a problem hiding this comment.
My GoLand IDE configured to use tabs instead of spaces for indentation due to:
Indentation
We use tabs for indentation and gofmt emits them by default. Use spaces only if you must.
You are using spaces)
| .glide/ | ||
|
|
||
| # keys | ||
| *.pem |
There was a problem hiding this comment.
pem ignored in all project or just in demo dir?
There was a problem hiding this comment.
I would generally exlude pem files from the whole project. They should never be checked in. For demo it will be generated on the fly.
|
Merged in https://github.com/GoMetric/statsd-http-proxy/releases/tag/0.9.0. Thank you for your work |
2 participants
I added https support for the proxy. I used the proxy in my project but to make it really useful I had to add HTTPS. When using it over HTTP the jwt token can easily be compromised. I updated the documentation accordingly. I did not update the docker files though but that can be easily done (I guess by adding separate docker files for the https or by parametrization).