[relay] use exposed address for healthcheck TLS validation (#4872)

* fix(relay): use exposed address for healthcheck TLS validation Healthcheck was using listen address (0.0.0.0) instead of exposed address (domain name) for certificate validation, causing validation to always fail. Now correctly uses the exposed address where the TLS certificate is valid, matching real client connection behavior. * - store exposedAddress directly in Relay struct instead of parsing on every call - remove unused parseHostPort() function - remove unused ListenAddress() method from ServiceChecker interface - improve error logging with address context * [relay/healthcheck] Remove QUIC health check logic, update WebSocket validation flow Refactored health check logic by removing QUIC-specific connection validation and simplifying logic for WebSocket protocol. Adjusted certificate validation flow and improved handling of exposed addresses. * [relay/healthcheck] Fix certificate validation status during health check --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2026-04-16 07:16:38 +00:00 · 2025-11-28 21:53:53 +01:00
parent ddcd182859
commit cb83b7c0d3
5 changed files with 46 additions and 76 deletions
--- a/relay/server/relay.go
+++ b/relay/server/relay.go
@@ -51,10 +51,11 @@ type Relay struct {
 	metricsCancel context.CancelFunc
 	validator     Validator

-	store       *store.Store
-	notifier    *store.PeerNotifier
-	instanceURL string
-	preparedMsg *preparedMsg
+	store          *store.Store
+	notifier       *store.PeerNotifier
+	instanceURL    string
+	exposedAddress string
+	preparedMsg    *preparedMsg

 	closed  bool
 	closeMu sync.RWMutex
@@ -87,12 +88,13 @@ func NewRelay(config Config) (*Relay, error) {
 	}

 	r := &Relay{
-		metrics:       m,
-		metricsCancel: metricsCancel,
-		validator:     config.AuthValidator,
-		instanceURL:   config.instanceURL,
-		store:         store.NewStore(),
-		notifier:      store.NewPeerNotifier(),
+		metrics:        m,
+		metricsCancel:  metricsCancel,
+		validator:      config.AuthValidator,
+		instanceURL:    config.instanceURL,
+		exposedAddress: config.ExposedAddress,
+		store:          store.NewStore(),
+		notifier:       store.NewPeerNotifier(),
 	}

 	r.preparedMsg, err = newPreparedMsg(r.instanceURL)
@@ -178,3 +180,8 @@ func (r *Relay) Shutdown(ctx context.Context) {
 func (r *Relay) InstanceURL() string {
 	return r.instanceURL
 }
+
+// ExposedAddress returns the exposed address (domain:port) where clients connect
+func (r *Relay) ExposedAddress() string {
+	return r.exposedAddress
+}