authorkali kaneko (leap communications) <kali@leap.se>2020-02-11 17:13:53 +0100
committerkali kaneko (leap communications) <kali@leap.se>2020-02-11 19:05:29 +0100
commit828ee14b4e903bbda9291bc9ee09ff98b66003c7 (patch)
tree171d4ba1766274087f2d29f233e90e59f5781225
parentecaa22111ee8e34111080139e1e8a92b90e30158 (diff)
[feat] metrics listen in separate port
-rw-r--r--README.md3
-rw-r--r--main.go36
-rw-r--r--pkg/config/config.go6
-rw-r--r--pkg/web/handlers.go4
4 files changed, 30 insertions, 19 deletions
diff --git a/README.md b/README.md
index e423b67..5e36032 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,8 @@ authentication credentials).
|-------------------|:--------------------:|----------------------|-------------------------------------------------------:|
| **apiPath** | `VPNWEB_API_PATH` | /etc/leap/config/vpn | _Path for the public API static files_ |
| **providerCaCrt** | `VPNWEB_PROVIDER_CA` | /etc/leap/ca/ca.crt | _Path for the provider CA certificate_ |
-| **port** | `VPNWEB_PORT` | 8000 | _Port where the server will listen_ |
+| **port** | `VPNWEB_PORT` | 8000 | _Port where the api server will listen_ |
+| **metricsPort** | `VPNWEB_METRICS_PORT`| 8001 | _Port where the metrics server will listen_ |
| **tls** | | false | _Enable TLS on the service_ |
| **tlsCrt** | `VPNWEB_TLSCRT` | | _Path to the cert file for TLS_ |
| **tlsKey** | `VPNWEB_TLSKEY` | | _Path to the key file for TLS_ |
diff --git a/main.go b/main.go
index ac85c90..fe2fcde 100644
--- a/main.go
+++ b/main.go
@@ -16,34 +16,42 @@ func main() {
ch := web.NewCertHandler(opts.CaCrt, opts.CaKey)
authenticator := auth.GetAuthenticator(opts, false)
+ srv := http.NewServeMux()
+
/* protected routes */
/* TODO https://0xacab.org/leap/vpnweb/issues/4
http.HandleFunc("/3/refresh-token", auth.RefreshAuthMiddleware(opts.Auth))
*/
-
- http.HandleFunc("/3/auth", web.AuthMiddleware(authenticator.CheckCredentials, opts))
- http.Handle("/3/cert", web.RestrictedMiddleware(authenticator.NeedsCredentials, ch.CertResponder, opts))
+ srv.HandleFunc("/3/auth", web.AuthMiddleware(authenticator.CheckCredentials, opts))
+ srv.Handle("/3/cert", web.RestrictedMiddleware(authenticator.NeedsCredentials, ch.CertResponder, opts))
/* static files */
- web.HttpFileHandler("/3/configs.json", opts.ApiPath+"/3/configs.json")
- web.HttpFileHandler("/3/service.json", opts.ApiPath+"/3/service.json")
- web.HttpFileHandler("/3/config/eip-service.json", opts.ApiPath+"/3/eip-service.json")
- web.HttpFileHandler("/provider.json", opts.ApiPath+"provider.json")
- web.HttpFileHandler("/ca.crt", opts.ProviderCaPath)
- web.HttpFileHandler("/3/ca.crt", opts.ProviderCaPath)
+ web.HttpFileHandler(srv, "/3/configs.json", opts.ApiPath+"/3/configs.json")
+ web.HttpFileHandler(srv, "/3/service.json", opts.ApiPath+"/3/service.json")
+ web.HttpFileHandler(srv, "/3/config/eip-service.json", opts.ApiPath+"/3/eip-service.json")
+ web.HttpFileHandler(srv, "/provider.json", opts.ApiPath+"provider.json")
+ web.HttpFileHandler(srv, "/ca.crt", opts.ProviderCaPath)
+ web.HttpFileHandler(srv, "/3/ca.crt", opts.ProviderCaPath)
+
+ mtr := http.NewServeMux()
+ mtr.Handle("/metrics", promhttp.Handler())
/* prometheus metrics */
- http.Handle("/metrics", promhttp.Handler())
+ go func() {
+ pstr := ":" + opts.MetricsPort
+ log.Println("/metrics endpoint in port", opts.MetricsPort)
+ log.Fatal(http.ListenAndServe(pstr, mtr))
+ }()
+ /* api server */
pstr := ":" + opts.Port
- log.Println("Listening in port", opts.Port)
-
+ log.Println("API listening in port", opts.Port)
if opts.Tls == true {
- log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, nil))
+ log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, srv))
} else {
- log.Fatal(http.ListenAndServe(pstr, nil))
+ log.Fatal(http.ListenAndServe(pstr, srv))
}
}
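Review bot: The metrics listener started in the new goroutine binds `":" + opts.MetricsPort`, i.e. every interface, and serves plain HTTP with no authentication even when `opts.Tls` is set for the API. Moving `/metrics` off the API port therefore does not by itself keep it away from networks that can reach the API. Consider binding to loopback or to a configurable address, e.g. `pstr := net.JoinHostPort("127.0.0.1", opts.MetricsPort)`, and documenting that the port should be reachable only by the Prometheus scraper. Separately, `opts.ApiPath+"provider.json"` lacks the `/` the other static routes have; with the default `/etc/leap/config/vpn` it would resolve to `/etc/leap/config/vpnprovider.json`, unless ApiPath is expected to end in a slash. main's body starts outside the hunk.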
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 76b4e4e..2e5eac7 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -30,6 +30,7 @@ type Opts struct {
TlsCrt string
TlsKey string
Port string
+ MetricsPort string
Auth string
AuthSecret string
ApiPath string
@@ -87,8 +88,8 @@ func initializeFlags(opts *Opts) {
flag.StringVar(&opts.TlsCrt, "tlsCrt", "", "Path to the cert file for TLS")
flag.StringVar(&opts.TlsKey, "tlsKey", "", "Path to the key file for TLS")
flag.StringVar(&opts.Port, "port", "", "Port where the server will listen (default: 8000)")
- flag.StringVar(&opts.Auth, "auth", "", "Authentication module (ano, sip2)")
- flag.StringVar(&opts.AuthSecret, "authSecret", "", "Authentication secret (optional)")
+ flag.StringVar(&opts.MetricsPort, "metricsPort", "", "Port where the metrics server will listen (default: 8001)")
+ flag.StringVar(&opts.Auth, "auth", "", "Authentication module (anon, sip2)")
flag.StringVar(&opts.ApiPath, "apiPath", "", "Path to the API public files")
flag.StringVar(&opts.ProviderCaPath, "providerCaCrt", "", "Path to the provider CA certificate")
flag.Parse()
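Review bot: The `authSecret` flag registration is removed here, which the commit title does not mention. After this change `opts.AuthSecret` can only come from `VPNWEB_AUTH_SECRET`, and a caller still passing `-authSecret` would have it rejected by `flag.Parse()` as an undefined flag. If the removal is deliberate (keeping the secret out of argv, where it shows up in process listings, is a reasonable choice), state that in the commit message and the README. If it is not, restore `flag.StringVar(&opts.AuthSecret, "authSecret", "", "Authentication secret (optional)")`. initializeFlags starts and ends outside the hunk.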
@@ -98,6 +99,7 @@ func initializeFlags(opts *Opts) {
FallbackToEnv(&opts.TlsCrt, "VPNWEB_TLSCRT", "")
FallbackToEnv(&opts.TlsKey, "VPNWEB_TLSKEY", "")
FallbackToEnv(&opts.Port, "VPNWEB_PORT", "8000")
+ FallbackToEnv(&opts.MetricsPort, "VPNWEB_METRICS_PORT", "8001")
FallbackToEnv(&opts.Auth, "VPNWEB_AUTH", DefaultAuthenticationModule)
FallbackToEnv(&opts.AuthSecret, "VPNWEB_AUTH_SECRET", "")
FallbackToEnv(&opts.ApiPath, "VPNWEB_API_PATH", "/etc/leap/config/vpn")
diff --git a/pkg/web/handlers.go b/pkg/web/handlers.go
index 633ae95..9c4e91b 100644
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -33,8 +33,8 @@ func (ch *CertHandler) CertResponder(w http.ResponseWriter, r *http.Request) {
ch.Cainfo.CertWriter(w)
}
-func HttpFileHandler(route string, path string) {
- http.HandleFunc(route, func(w http.ResponseWriter, r *http.Request) {
+func HttpFileHandler(mux *http.ServeMux, route string, path string) {
+ mux.HandleFunc(route, func(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, path)
})
}
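Review bot: HttpFileHandler is exported and now takes the mux to register on, but it has no doc comment stating that contract. I would add `// HttpFileHandler registers on mux a handler for route that serves the single file at path.` above the signature. A nil `mux` panics at registration; that is acceptable at startup but worth noting in the comment so callers do not pass `nil` expecting the default mux.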