Allow replacing line breaks with \n in OTel keys and certs
parent
67cd992e12
commit
68e758d811
@ -9,6 +9,7 @@
|
||||
- Change `IMGPROXY_AVIF_SPEED` default value to `8`.
|
||||
- Change `IMGPROXY_PREFERRED_FORMATS` default value to `jpeg,png,gif`.
|
||||
- Set `Cache-Control: no-cache` header to the health check responses.
|
||||
- Allow replacing line breaks with `\n` in `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`, `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`, and`IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`.
|
||||
|
||||
## [3.11.0] - 2022-11-17
|
||||
### Add
|
||||
|
@ -406,9 +406,9 @@ imgproxy can send request traces to an OpenTelemetry collector:
|
||||
* `IMGPROXY_OPEN_TELEMETRY_PROTOCOL`: OpenTelemetry collector protocol. Supported protocols are `grpc`, `https`, and `http`. Default: `grpc`
|
||||
* `IMGPROXY_OPEN_TELEMETRY_SERVICE_NAME`: OpenTelemetry service name. Default: `imgproxy`
|
||||
* `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS`: when `true`, imgproxy will send metrics over OpenTelemetry Metrics API. Default: `false`
|
||||
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded (you can replace line breaks with `\n`). Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE`: when `true`, imgproxy will use an insecure GRPC connection unless the collector TLS certificate is not provided. Default: `true`
|
||||
* `IMGPROXY_OPEN_TELEMETRY_PROPAGATORS`: a list of OpenTelemetry text map propagators, comma divided. Supported propagators are `tracecontext`, `baggage`, `b3`, `b3multi`, `jaeger`, `xray`, and `ottrace`. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_TRACE_ID_GENERATOR`: OpenTelemetry trace ID generator. Supported generators are `xray` and `random`. Default: `xray`
|
||||
|
@ -42,9 +42,9 @@ If `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS` is set to `true`, imgproxy will also
|
||||
|
||||
If your OpenTelemetry collector is secured with TLS, you may need to specify the collector's certificate on the imgproxy side:
|
||||
|
||||
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
|
||||
|
||||
If your collector uses mTLS for mutual authentication, you'll also need to specify the client's certificate/key pair:
|
||||
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
|
||||
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded (you can replace line breaks with `\n`). Default: blank
|
||||
|
@ -6,6 +6,7 @@ import (
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/felixge/httpsnoop"
|
||||
@ -280,7 +281,7 @@ func buildTLSConfig() (*tls.Config, error) {
|
||||
}
|
||||
|
||||
certPool := x509.NewCertPool()
|
||||
if !certPool.AppendCertsFromPEM([]byte(config.OpenTelemetryServerCert)) {
|
||||
if !certPool.AppendCertsFromPEM(prepareKeyCert(config.OpenTelemetryServerCert)) {
|
||||
return nil, fmt.Errorf("Can't load OpenTelemetry server cert")
|
||||
}
|
||||
|
||||
@ -288,8 +289,8 @@ func buildTLSConfig() (*tls.Config, error) {
|
||||
|
||||
if len(config.OpenTelemetryClientCert) > 0 && len(config.OpenTelemetryClientKey) > 0 {
|
||||
cert, err := tls.X509KeyPair(
|
||||
[]byte(config.OpenTelemetryClientCert),
|
||||
[]byte(config.OpenTelemetryClientKey),
|
||||
prepareKeyCert(config.OpenTelemetryClientCert),
|
||||
prepareKeyCert(config.OpenTelemetryClientKey),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Can't load OpenTelemetry client cert/key pair: %s", err)
|
||||
@ -301,6 +302,10 @@ func buildTLSConfig() (*tls.Config, error) {
|
||||
return &tlsConf, nil
|
||||
}
|
||||
|
||||
func prepareKeyCert(str string) []byte {
|
||||
return []byte(strings.ReplaceAll(str, `\n`, "\n"))
|
||||
}
|
||||
|
||||
func Stop() {
|
||||
if enabled {
|
||||
trctx, trcancel := context.WithTimeout(context.Background(), 5*time.Second)
|
||||
|
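Review bot: `prepareKeyCert` is undocumented and undoes only the two-character escape `\n`, so a value escaped as `\r\n` or doubly escaped as `\\n` still reaches the PEM parser with stray characters in it. In the server-cert branch that would surface only as "Can't load OpenTelemetry server cert", because `AppendCertsFromPEM` returns a bare bool, and the operator gets no hint that escaping is the cause. I would add a doc comment such as `// prepareKeyCert turns literal "\n" escapes in a PEM value into real line breaks; no other escape is handled.` and name the accepted escape in that error text. A small table test for the helper (already multi-line input, escaped input, empty string) would pin the behaviour. `buildTLSConfig` starts outside the hunks shown, so any further validation of the loaded material is not visible here.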