pangolin_mirror/newt
1
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-03-05 18:26:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #185 from water-sucks/add-tls-server-name-to-healthchecks

Browse Source 
feat(healthcheck): add TLS SNI header to request when needed
This commit is contained in:
Owen Schwartz
2025-12-04 14:41:16 -05:00
committed by GitHub
parent 7f650bbfdf 8a45f6fd63
commit ac691517ae
1 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
healthcheck/healthcheck.go
View File

@@ -48,6 +48,7 @@ type Config struct {
Headers map[string]string `json:"hcHeaders"` Headers map[string]string `json:"hcHeaders"`
Method string `json:"hcMethod"` Method string `json:"hcMethod"`
Status int `json:"hcStatus"` // HTTP status code Status int `json:"hcStatus"` // HTTP status code
TLSServerName string `json:"hcTlsServerName"`
} }
// Target represents a health check target with its current status // Target represents a health check target with its current status
@@ -70,7 +71,6 @@ type Monitor struct {
targets map[int]*Target targets map[int]*Target
mutex sync.RWMutex mutex sync.RWMutex
callback StatusChangeCallback callback StatusChangeCallback
client *http.Client
enforceCert bool enforceCert bool
} }
@@ -78,21 +78,10 @@ type Monitor struct {
func NewMonitor(callback StatusChangeCallback, enforceCert bool) *Monitor { func NewMonitor(callback StatusChangeCallback, enforceCert bool) *Monitor {
logger.Debug("Creating new health check monitor with certificate enforcement: %t", enforceCert) logger.Debug("Creating new health check monitor with certificate enforcement: %t", enforceCert)
// Configure TLS settings based on certificate enforcement
transport := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: !enforceCert,
},
}
return &Monitor{ return &Monitor{
targets: make(map[int]*Target), targets: make(map[int]*Target),
callback: callback, callback: callback,
enforceCert: enforceCert, enforceCert: enforceCert,
client: &http.Client{
Timeout: 30 * time.Second,
Transport: transport,
},
} }
} }
@@ -388,6 +377,17 @@ func (m *Monitor) performHealthCheck(target *Target) {
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(target.Config.Timeout)*time.Second) ctx, cancel := context.WithTimeout(context.Background(), time.Duration(target.Config.Timeout)*time.Second)
defer cancel() defer cancel()
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
// Configure TLS settings based on certificate enforcement
InsecureSkipVerify: !m.enforceCert,
// Use SNI TLS header if present
ServerName: target.Config.TLSServerName,
},
},
}
req, err := http.NewRequestWithContext(ctx, target.Config.Method, url, nil) req, err := http.NewRequestWithContext(ctx, target.Config.Method, url, nil)
if err != nil { if err != nil {
target.Status = StatusUnhealthy target.Status = StatusUnhealthy
@@ -402,7 +402,7 @@ func (m *Monitor) performHealthCheck(target *Target) {
} }
// Perform request // Perform request
resp, err := m.client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
target.Status = StatusUnhealthy target.Status = StatusUnhealthy
target.LastError = fmt.Sprintf("request failed: %v", err) target.LastError = fmt.Sprintf("request failed: %v", err)