Health-check connections now send a properly formatted auth message
with a well-known peer ID instead of immediately closing. The server
recognizes this peer ID and handles the connection gracefully with a
debug log instead of error logs.
Replaces string-based exposed address handling with URL-based InstanceURL() (type url.URL) across relay/server and relay/healthcheck; adds SchemeREL/SchemeRELS constants; updates getInstanceURL to return *url.URL with scheme and TLS validation; adjusts WS dialing and health-check logic to use URL fields.
* fix(relay): use exposed address for healthcheck TLS validation
Healthcheck was using listen address (0.0.0.0) instead of exposed address
(domain name) for certificate validation, causing validation to always fail.
Now correctly uses the exposed address where the TLS certificate is valid,
matching real client connection behavior.
* - store exposedAddress directly in Relay struct instead of parsing on every call
- remove unused parseHostPort() function
- remove unused ListenAddress() method from ServiceChecker interface
- improve error logging with address context
* [relay/healthcheck] Remove QUIC health check logic, update WebSocket validation flow
Refactored health check logic by removing QUIC-specific connection validation and simplifying logic for WebSocket protocol. Adjusted certificate validation flow and improved handling of exposed addresses.
* [relay/healthcheck] Fix certificate validation status during health check
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
The health check endpoint listens on a dedicated HTTP server.
By default, it is available at 0.0.0.0:9000/health. This can be configured using the --health-listen-address flag.
The results are cached for 3 seconds to avoid excessive calls.
The health check performs the following:
Checks the number of active listeners.
Validates each listener via WebSocket and QUIC dials, including TLS certificate verification.
