Fix: Getting TLS certificate through proxy & prometheus update (#4700)

pull/5043/head
Nelson Chan 7 months ago committed by GitHub
parent add5c128ce
commit 1490443618
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -512,10 +512,16 @@ class Monitor extends BeanModel {
} }
} }
let tlsInfo; let tlsInfo = {};
// Store tlsInfo when key material is received // Store tlsInfo when secureConnect event is emitted
options.httpsAgent.on("keylog", (line, tlsSocket) => { // The keylog event listener is a workaround to access the tlsSocket
tlsInfo = checkCertificate(tlsSocket); options.httpsAgent.once("keylog", async (line, tlsSocket) => {
tlsSocket.once("secureConnect", async () => {
tlsInfo = checkCertificate(tlsSocket);
tlsInfo.valid = tlsSocket.authorized || false;
await this.handleTlsInfo(tlsInfo);
});
}); });
log.debug("monitor", `[${this.name}] Axios Options: ${JSON.stringify(options)}`); log.debug("monitor", `[${this.name}] Axios Options: ${JSON.stringify(options)}`);
@ -527,19 +533,16 @@ class Monitor extends BeanModel {
bean.msg = `${res.status} - ${res.statusText}`; bean.msg = `${res.status} - ${res.statusText}`;
bean.ping = dayjs().valueOf() - startTime; bean.ping = dayjs().valueOf() - startTime;
// Store certificate and check for expiry if https is used // fallback for if kelog event is not emitted, but we may still have tlsInfo,
if (this.getUrl()?.protocol === "https:") { // e.g. if the connection is made through a proxy
// No way to listen for the `secureConnection` event, so we do it here if (this.getUrl()?.protocol === "https:" && tlsInfo.valid === undefined) {
const tlssocket = res.request.res.socket; const tlsSocket = res.request.res.socket;
if (tlssocket) { if (tlsSocket) {
tlsInfo.valid = tlssocket.authorized || false; tlsInfo = checkCertificate(tlsSocket);
} tlsInfo.valid = tlsSocket.authorized || false;
await this.updateTlsInfo(tlsInfo); await this.handleTlsInfo(tlsInfo);
if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
await this.checkCertExpiryNotifications(tlsInfo);
} }
} }
@ -1679,6 +1682,21 @@ class Monitor extends BeanModel {
const parentActive = await Monitor.isParentActive(parent.id); const parentActive = await Monitor.isParentActive(parent.id);
return parent.active && parentActive; return parent.active && parentActive;
} }
/**
* Store TLS certificate information and check for expiry
* @param {Object} tlsInfo Information about the TLS connection
* @returns {Promise<void>}
*/
async handleTlsInfo(tlsInfo) {
await this.updateTlsInfo(tlsInfo);
this.prometheus?.update(null, tlsInfo);
if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
await this.checkCertExpiryNotifications(tlsInfo);
}
}
} }
module.exports = Monitor; module.exports = Monitor;

@ -79,23 +79,25 @@ class Prometheus {
} }
} }
try { if (heartbeat) {
monitorStatus.set(this.monitorLabelValues, heartbeat.status); try {
} catch (e) { monitorStatus.set(this.monitorLabelValues, heartbeat.status);
log.error("prometheus", "Caught error"); } catch (e) {
log.error("prometheus", e); log.error("prometheus", "Caught error");
} log.error("prometheus", e);
}
try { try {
if (typeof heartbeat.ping === "number") { if (typeof heartbeat.ping === "number") {
monitorResponseTime.set(this.monitorLabelValues, heartbeat.ping); monitorResponseTime.set(this.monitorLabelValues, heartbeat.ping);
} else { } else {
// Is it good? // Is it good?
monitorResponseTime.set(this.monitorLabelValues, -1); monitorResponseTime.set(this.monitorLabelValues, -1);
}
} catch (e) {
log.error("prometheus", "Caught error");
log.error("prometheus", e);
} }
} catch (e) {
log.error("prometheus", "Caught error");
log.error("prometheus", e);
} }
} }

Loading…
Cancel
Save