pangolin_mirror/newt
1
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-02-17 10:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(healthcheck): add TLS SNI header to request when needed

Browse Source 
Add the Server Name Indication (SNI) field to healthcheck requests, if
present in the target config.

SNI handling is already present for proxying resources, but this has
not been implemented for healthcheck requests yet until this commit.

In order to facilitate this, this commit moves the client instantiation
to when the healthcheck is performed, rather than as a part of the
monitor init.
This commit is contained in:
Varun Narravula
2025-12-03 14:59:23 -08:00
parent 7f650bbfdf
commit 8a45f6fd63
1 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
healthcheck/healthcheck.go
View File

@@ -48,6 +48,7 @@ type Config struct {
Headers map[string]string `json:"hcHeaders"` Headers map[string]string `json:"hcHeaders"`
Method string `json:"hcMethod"` Method string `json:"hcMethod"`
Status int `json:"hcStatus"` // HTTP status code Status int `json:"hcStatus"` // HTTP status code
TLSServerName string `json:"hcTlsServerName"`
} }
// Target represents a health check target with its current status // Target represents a health check target with its current status
@@ -70,7 +71,6 @@ type Monitor struct {
targets map[int]*Target targets map[int]*Target
mutex sync.RWMutex mutex sync.RWMutex
callback StatusChangeCallback callback StatusChangeCallback
client *http.Client
enforceCert bool enforceCert bool
} }
@@ -78,21 +78,10 @@ type Monitor struct {
func NewMonitor(callback StatusChangeCallback, enforceCert bool) *Monitor { func NewMonitor(callback StatusChangeCallback, enforceCert bool) *Monitor {
logger.Debug("Creating new health check monitor with certificate enforcement: %t", enforceCert) logger.Debug("Creating new health check monitor with certificate enforcement: %t", enforceCert)
// Configure TLS settings based on certificate enforcement
transport := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: !enforceCert,
},
}
return &Monitor{ return &Monitor{
targets: make(map[int]*Target), targets: make(map[int]*Target),
callback: callback, callback: callback,
enforceCert: enforceCert, enforceCert: enforceCert,
client: &http.Client{
Timeout: 30 * time.Second,
Transport: transport,
},
} }
} }
@@ -388,6 +377,17 @@ func (m *Monitor) performHealthCheck(target *Target) {
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(target.Config.Timeout)*time.Second) ctx, cancel := context.WithTimeout(context.Background(), time.Duration(target.Config.Timeout)*time.Second)
defer cancel() defer cancel()
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
// Configure TLS settings based on certificate enforcement
InsecureSkipVerify: !m.enforceCert,
// Use SNI TLS header if present
ServerName: target.Config.TLSServerName,
},
},
}
req, err := http.NewRequestWithContext(ctx, target.Config.Method, url, nil) req, err := http.NewRequestWithContext(ctx, target.Config.Method, url, nil)
if err != nil { if err != nil {
target.Status = StatusUnhealthy target.Status = StatusUnhealthy
@@ -402,7 +402,7 @@ func (m *Monitor) performHealthCheck(target *Target) {
} }
// Perform request // Perform request
resp, err := m.client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
target.Status = StatusUnhealthy target.Status = StatusUnhealthy
target.LastError = fmt.Sprintf("request failed: %v", err) target.LastError = fmt.Sprintf("request failed: %v", err)