Posted to notifications@skywalking.apache.org by wu...@apache.org on 2023/01/20 13:17:26 UTC

[skywalking] branch master updated: Enhance OAP HTTP server to support HTTPS (#10296)

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new f7162d5898 Enhance OAP HTTP server to support HTTPS (#10296)
f7162d5898 is described below

commit f7162d589863b9f909096fb089bb907387fc74f8
Author: yswdqz <74...@users.noreply.github.com>
AuthorDate: Fri Jan 20 21:17:18 2023 +0800

    Enhance OAP HTTP server to support HTTPS (#10296)
---
 docs/en/changes/changes.md                         |  1 +
 .../oap/server/library/server/http/HTTPServer.java | 28 ++++++++++++++++++----
 .../library/server/http/HTTPServerConfig.java      |  7 ++++++
 3 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index f117e5c997..fd6aac7d5d 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -81,6 +81,7 @@
 * Fix gRPC alarm cannot update settings from dynamic configuration source.
 * Add Python Websocket module component ID(7018).
 * [Optional] Optimize single trace query performance by customizing routing in ElasticSearch. SkyWalking trace segments and Zipkin spans are using trace ID for routing. This is OFF by default, controlled by `storage/elasticsearch/enableCustomRouting`.
+* Enhance OAP HTTP server to support HTTPS
 
 #### UI
 
diff --git a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
index 536eca226f..7e50df12e7 100644
--- a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
+++ b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
@@ -27,13 +27,21 @@ import com.linecorp.armeria.server.ServerBuilder;
 import com.linecorp.armeria.server.docs.DocService;
 import com.linecorp.armeria.server.healthcheck.HealthCheckService;
 import com.linecorp.armeria.server.logging.LoggingService;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.InetSocketAddress;
+
 import java.time.Duration;
 import java.util.List;
 import java.util.Set;
+
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.skywalking.oap.server.library.server.Server;
+import org.apache.skywalking.oap.server.library.server.ssl.PrivateKeyUtil;
+
 import static java.util.Objects.requireNonNull;
 
 @Slf4j
@@ -56,10 +64,6 @@ public class HTTPServer implements Server {
             .serviceUnder(contextPath + "/docs", DocService.builder().build())
             .service("/internal/l7check", HealthCheckService.of())
             .workerGroup(config.getMaxThreads())
-            .http(new InetSocketAddress(
-                config.getHost(),
-                config.getPort()
-            ))
             .http1MaxHeaderSize(config.getMaxRequestHeaderSize())
             .idleTimeout(Duration.ofMillis(config.getIdleTimeOut()))
             .decorator(Route.ofCatchAll(), (delegate, ctx, req) -> {
@@ -70,6 +74,22 @@ public class HTTPServer implements Server {
             })
             .decorator(LoggingService.newDecorator());
 
+        if (config.isEnableTLS()) {
+            sb.https(new InetSocketAddress(
+                    config.getHost(),
+                    config.getPort()));
+            try (InputStream cert = new FileInputStream(config.getTlsCertChainPath());
+                 InputStream key = PrivateKeyUtil.loadDecryptionKey(config.getTlsKeyPath())) {
+                sb.tls(cert, key);
+            } catch (IOException e) {
+                throw new IllegalArgumentException(e);
+            }
+        } else {
+            sb.http(new InetSocketAddress(
+                    config.getHost(),
+                    config.getPort()
+            ));
+        }
         if (config.getAcceptQueueSize() > 0) {
             sb.maxNumConnections(config.getAcceptQueueSize());
         }
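Review bot: In the `config.isEnableTLS()` branch, `config.getTlsCertChainPath()` and `config.getTlsKeyPath()` are used without any check, so enabling TLS with the certificate path unset fails with a bare `NullPointerException` from `new FileInputStream(...)` instead of the `IllegalArgumentException` that `catch (IOException e)` produces; how `PrivateKeyUtil.loadDecryptionKey` treats a missing path is not visible here. A guard at the top of the branch, using the already imported `StringUtils`, would fail fast with a usable message: `if (StringUtils.isAnyBlank(config.getTlsCertChainPath(), config.getTlsKeyPath())) { throw new IllegalArgumentException("tlsCertChainPath and tlsKeyPath must be set when enableTLS is true"); }`. The rethrow could also carry context, `throw new IllegalArgumentException("Failed to load TLS certificate chain or private key for the HTTP server", e);`, so an operator can tell a TLS misconfiguration from other startup errors. The enclosing method starts before this hunk and continues after it.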
diff --git a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
index 0e7f314497..f7b2eb22f9 100644
--- a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
+++ b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
@@ -39,4 +39,11 @@ public class HTTPServerConfig {
     private int acceptQueueSize = 0;
     @Builder.Default
     private int maxRequestHeaderSize = 8192;
+
+    @Builder.Default
+    private boolean enableTLS = false;
+
+    private String tlsKeyPath;
+    private String tlsCertChainPath;
+
 }
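Review bot: The new fields `enableTLS`, `tlsKeyPath` and `tlsCertChainPath` carry no comments, so nothing tells an operator what files they must point to, or that the listener stays plaintext HTTP unless `enableTLS` is set (it defaults to `false`). I would add a short comment above each, e.g. `// Serve HTTPS instead of HTTP on host:port; requires tlsKeyPath and tlsCertChainPath.` above `enableTLS` and `// Private key file for the HTTPS listener; keep it readable only by the OAP process user.` above `tlsKeyPath`. The expected file encoding (presumably PEM, since both streams are handed to `sb.tls(cert, key)` in HTTPServer) should be stated once confirmed. The class body starts outside this hunk.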