feat(healthcheck): add TLS SNI header to request when needed #185
Community Contribution License Agreement
By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.
Description
Add the Server Name Indication (SNI) field to healthcheck requests, if present in the target config.
SNI handling is already present for proxying resources, but it had not been implemented for healthcheck requests until this commit.
In order to facilitate this, this commit moves the client instantiation to when the healthcheck is performed, rather than as a part of the monitor init code. This may have minor performance implications, but this can be monitored later, since users are probably not running so many healthchecks that this would become a problem. Maybe I'll be proven wrong? I sure hope not.
This is the corresponding Newt component to fosrl/pangolin#1971, and probably should be merged in tandem with it.
How to test?
Run the Newt binary with a corresponding version of Pangolin that adds the target healthcheck SNI field from the linked PR, and make sure that Newt proxies the SNI headers correctly down and receives the correct certificate to work with when it is specified from the target healthcheck config.
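An added illustration, not code from this PR or from Newt: a per-check client whose `tls.Config` carries the target's SNI, plus an offline check of what server name actually appears in the ClientHello. The `healthCheckTarget` type, its field names, the function names and the sample host values are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"time"
)

// healthCheckTarget is a hypothetical config shape; the field names are assumptions.
type healthCheckTarget struct {
	Host string // address the check dials, e.g. an IP
	SNI  string // optional TLS server name for the check
}

// newHealthCheckClient builds one client per check so each target gets its own SNI.
func newHealthCheckClient(t healthCheckTarget) *http.Client {
	// ServerName is sent in the ClientHello and used to verify the certificate.
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, ServerName: t.SNI}
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}
}

// observeSNI returns the name a TLS server sees, aborting after the ClientHello (in-memory pipe).
func observeSNI(t healthCheckTarget) string {
	cfg := newHealthCheckClient(t).Transport.(*http.Transport).TLSClientConfig.Clone()
	if cfg.ServerName == "" {
		cfg.ServerName = t.Host // what net/http does when ServerName is unset
	}
	clientSide, serverSide := net.Pipe()
	seen := make(chan string, 1)
	srv := tls.Server(serverSide, &tls.Config{
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			seen <- h.ServerName
			return nil, fmt.Errorf("stop after ClientHello")
		},
	})
	go func() { _ = srv.Handshake(); serverSide.Close(); close(seen) }()
	_ = tls.Client(clientSide, cfg).Handshake() // fails by design
	clientSide.Close()
	return <-seen
}

func main() {
	// Constructed sample targets: the same IP with and without an SNI override.
	for _, t := range []healthCheckTarget{{Host: "10.0.0.5"}, {Host: "10.0.0.5", SNI: "app.example.internal"}} {
		fmt.Printf("host=%s sni-field=%q on-wire=%q\n", t.Host, t.SNI, observeSNI(t))
	}
}
```

Go omits the SNI extension when the server name is an IP literal, so a check that dials an IP without an override reaches the backend with no server name and gets whatever default certificate it serves.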