https

package

v0.0.0-...-df7c9ae Latest Latest Go to latest Published: May 6, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

HTTPS Package for Prometheus

The https directory contains a Go package and a sample configuration file for running node_exporter with HTTPS instead of HTTP. We currently support TLS 1.3 and TLS 1.2.

To run a server with TLS, use the flag --web.config.

e.g. ./node_exporter --web.config="web-config.yml" If the config is kept within the https directory.

The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.

Sample Config

tls_config:
  # Certificate and key files for server to use to authenticate to client
  cert_file: <filename>
  key_file: <filename>

  # Server policy for client authentication. Maps to ClientAuth Policies
  # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
  [ client_auth_type: <string> | default = "NoClientCert" ]

  # CA certificate for client certificate authentication to the server
  [ client_ca_file: <filename> ]

# List of usernames and hashed passwords that have full access to the web
# server via basic authentication. If empty, no basic authentication is
# required. Passwords are hashed with bcrypt.
basic_auth_users:
  [ <username>: <password> ... ]

About bcrypt

There are several tools out there to generate bcrypt passwords, e.g. htpasswd:

htpasswd -nBC 10 "" | tr -d ':\n

That command will prompt you for a password and output the hashed password, which will look something like: $2y$10$X0h1gDsPszWURQaxFh.zoubFi6DXncSjhoQNJgRrnGs7EsimhC7zG

The cost (10 in the example) influences the time it takes for computing the hash. A higher cost will en up slowing down the authentication process. Depending on the machine, a cost of 10 will take about ~70ms where a cost of 18 can take up to a few seconds. That hash will be computed on every password-protected request.

Documentation ¶

Overview ¶

Package https allows the implementation of TLS.

Index ¶

func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error)
func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error
type Config
type TLSStruct

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ConfigToTLSConfig ¶

func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error)

ConfigToTLSConfig generates the golang tls.Config from the TLSStruct config.

func Listen ¶

func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error

Listen starts the server on the given address. If tlsConfigPath isn't empty the server connection will be started using TLS.

Types ¶

type Config ¶

type Config struct {
	TLSConfig TLSStruct                     `yaml:"tls_config"`
	Users     map[string]config_util.Secret `yaml:"basic_auth_users"`
}

type TLSStruct ¶

type TLSStruct struct {
	TLSCertPath string `yaml:"cert_file"`
	TLSKeyPath  string `yaml:"key_file"`
	ClientAuth  string `yaml:"client_auth_type"`
	ClientCAs   string `yaml:"client_ca_file"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL