From 90107cb5bb2bada1541019cdb74468b36ad6a08f Mon Sep 17 00:00:00 2001
From: Raza Jhaveri <raza.jhaveri@thetrainline.com>
Date: Fri, 21 Sep 2018 10:00:49 +0100
Subject: [PATCH] add option to skip tls verify

---
 README.md   | 12 +++++++-----
 exporter.go | 12 ++++++++++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 647652d56..05bac76ac 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ To start the exporter we use the [docker run](https://docs.docker.com/engine/ref
 
 ## Usage
 
-### Command-line Arguments 
+### Command-line Arguments
 
 ```
 Usage of ./nginx-prometheus-exporter:
@@ -54,13 +54,15 @@ Usage of ./nginx-prometheus-exporter:
   -nginx.scrape-uri string
         A URI for scraping NGINX or NGINX Plus metrics.
         For NGINX, the stub_status page must be available through the URI. For NGINX Plus -- the API. The default value can be overwritten by SCRAPE_URI environment variable. (default "http://127.0.0.1:8080/stub_status")
+  -nginx.ssl-verify
+        Perform SSL certificate verification. The default value can be overwritten by SSL_VERIFY environment variable.
   -web.listen-address string
         An address to listen on for web interface and telemetry. The default value can be overwritten by LISTEN_ADDRESS environment variable. (default ":9113")
   -web.telemetry-path string
         A path under which to expose metrics. The default value can be overwritten by TELEMETRY_PATH environment variable. (default "/metrics")
 ```
 
-### Exported Metrics 
+### Exported Metrics
 
 * For NGINX, all stub_status metrics are exported. Connect to the `/metrics` page of the running exporter to see the complete list of metrics along with their descriptions.
 * For NGINX Plus, the following metrics are exported:
@@ -69,7 +71,7 @@ Usage of ./nginx-prometheus-exporter:
     * [SSL](http://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object).
     * [HTTP Server Zones](http://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone).
     * [HTTP Upsteams](http://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream). Note: for the `state` metric, the string values are converted to float64 using the following rule: `"up"` -> `1.0`, `"draining"` -> `2.0`, `"down"` -> `3.0`, `"unavail"` –> `4.0`, `"checking"` –> `5.0`, `"unhealthy"` -> `6.0`.
-    
+
     Connect to the `/metrics` page of the running exporter to see the complete list of metrics along with their descriptions. Note: to see server zones related metrics you must configure [status zones](https://nginx.org/en/docs/http/ngx_http_status_module.html#status_zone) and to see upstream related metrics you must configure upstreams with a [shared memory zone](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone).
 
 ### Troubleshooting
@@ -86,10 +88,10 @@ You can build the exporter image using the provided Makefile. Before building th
 * make
 * Docker
 * git
- 
+
 To build the image, run:
 ```
-$ make container 
+$ make container
 ```
 
 Note:
diff --git a/exporter.go b/exporter.go
index af4d6ad82..7152ec33e 100644
--- a/exporter.go
+++ b/exporter.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"flag"
 	"log"
 	"net/http"
@@ -44,6 +45,7 @@ var (
 	defaultMetricsPath   = getEnv("TELEMETRY_PATH", "/metrics")
 	defaultNginxPlus     = getEnvBool("NGINX_PLUS", false)
 	defaultScrapeURI     = getEnv("SCRAPE_URI", "http://127.0.0.1:8080/stub_status")
+	defaultSslVerify     = getEnvBool("SSL_VERIFY", true)
 
 	// Command-line flags
 	listenAddr = flag.String("web.listen-address", defaultListenAddress,
@@ -55,6 +57,8 @@ var (
 	scrapeURI = flag.String("nginx.scrape-uri", defaultScrapeURI,
 		`A URI for scraping NGINX or NGINX Plus metrics.
 	For NGINX, the stub_status page must be available through the URI. For NGINX Plus -- the API. The default value can be overwritten by SCRAPE_URI environment variable.`)
+	sslVerify = flag.Bool("nginx.ssl-verify", defaultSslVerify,
+		"Perform SSL certificate verification. The default value can be overwritten by SSL_VERIFY environment variable.")
 )
 
 func main() {
@@ -64,15 +68,19 @@ func main() {
 
 	registry := prometheus.NewRegistry()
 
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: !*sslVerify},
+	}
+
 	if *nginxPlus {
-		client, err := plusclient.NewNginxClient(&http.Client{}, *scrapeURI)
+		client, err := plusclient.NewNginxClient(&http.Client{Transport: tr}, *scrapeURI)
 		if err != nil {
 			log.Fatalf("Could not create Nginx Plus Client: %v", err)
 		}
 
 		registry.MustRegister(collector.NewNginxPlusCollector(client, "nginxplus"))
 	} else {
-		client, err := client.NewNginxClient(&http.Client{}, *scrapeURI)
+		client, err := client.NewNginxClient(&http.Client{Transport: tr}, *scrapeURI)
 		if err != nil {
 			log.Fatalf("Could not create Nginx Client: %v", err)
 		}