
Allow replacing line breaks with \n in OTel keys and certs

DarthSim 2022-12-11 22:29:58 +06:00
parent 67cd992e12
commit 68e758d811
4 changed files with 15 additions and 9 deletions


@ -9,6 +9,7 @@
- Change `IMGPROXY_AVIF_SPEED` default value to `8`.
- Change `IMGPROXY_PREFERRED_FORMATS` default value to `jpeg,png,gif`.
- Set `Cache-Control: no-cache` header to the health check responses.
- Allow replacing line breaks with `\n` in `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`, `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`, and`IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`.
## [3.11.0] - 2022-11-17
### Add


@ -406,9 +406,9 @@ imgproxy can send request traces to an OpenTelemetry collector:
* `IMGPROXY_OPEN_TELEMETRY_PROTOCOL`: OpenTelemetry collector protocol. Supported protocols are `grpc`, `https`, and `http`. Default: `grpc`
* `IMGPROXY_OPEN_TELEMETRY_SERVICE_NAME`: OpenTelemetry service name. Default: `imgproxy`
* `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS`: when `true`, imgproxy will send metrics over OpenTelemetry Metrics API. Default: `false`
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded (you can replace line breaks with `\n`). Default: blank
* `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE`: when `true`, imgproxy will use an insecure GRPC connection unless the collector TLS certificate is not provided. Default: `true`
* `IMGPROXY_OPEN_TELEMETRY_PROPAGATORS`: a list of OpenTelemetry text map propagators, comma divided. Supported propagators are `tracecontext`, `baggage`, `b3`, `b3multi`, `jaeger`, `xray`, and `ottrace`. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_TRACE_ID_GENERATOR`: OpenTelemetry trace ID generator. Supported generators are `xray` and `random`. Default: `xray`


@ -42,9 +42,9 @@ If `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS` is set to `true`, imgproxy will also
If your OpenTelemetry collector is secured with TLS, you may need to specify the collector's certificate on the imgproxy side:
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
If your collector uses mTLS for mutual authentication, you'll also need to specify the client's certificate/key pair:
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded (you can replace line breaks with `\n`). Default: blank


@ -6,6 +6,7 @@ import (
"crypto/x509"
"fmt"
"net/http"
"strings"
"time"
"github.com/felixge/httpsnoop"
@ -280,7 +281,7 @@ func buildTLSConfig() (*tls.Config, error) {
}
certPool := x509.NewCertPool()
if !certPool.AppendCertsFromPEM([]byte(config.OpenTelemetryServerCert)) {
if !certPool.AppendCertsFromPEM(prepareKeyCert(config.OpenTelemetryServerCert)) {
return nil, fmt.Errorf("Can't load OpenTelemetry server cert")
}
@ -288,8 +289,8 @@ func buildTLSConfig() (*tls.Config, error) {
if len(config.OpenTelemetryClientCert) > 0 && len(config.OpenTelemetryClientKey) > 0 {
cert, err := tls.X509KeyPair(
[]byte(config.OpenTelemetryClientCert),
[]byte(config.OpenTelemetryClientKey),
prepareKeyCert(config.OpenTelemetryClientCert),
prepareKeyCert(config.OpenTelemetryClientKey),
)
if err != nil {
return nil, fmt.Errorf("Can't load OpenTelemetry client cert/key pair: %s", err)
@ -301,6 +302,10 @@ func buildTLSConfig() (*tls.Config, error) {
return &tlsConf, nil
}
func prepareKeyCert(str string) []byte {
return []byte(strings.ReplaceAll(str, `\n`, "\n"))
}
func Stop() {
if enabled {
trctx, trcancel := context.WithTimeout(context.Background(), 5*time.Second)
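Review bot: The new helper `prepareKeyCert`, added between `buildTLSConfig` and `Stop`, has no doc comment, and its name does not say what it does to the value, even though the collector CA certificate and the client private key now both pass through it. I would add `// prepareKeyCert converts literal "\n" sequences in a PEM value into real line breaks, so certificates and keys can be set as single-line environment variables.` above it. The comment should also state that only the two-character sequence `\n` is rewritten and that a value already containing real line breaks is returned unchanged, since that is what keeps existing configurations working. A small table test covering an escaped value, a value with real line breaks and a mixed one would pin that contract for the TLS setup path.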