Posted to notifications@skywalking.apache.org by wu...@apache.org on 2023/01/20 13:17:26 UTC
[skywalking] branch master updated: Enhance OAP HTTP server to support HTTPS (#10296)
This is an automated email from the ASF dual-hosted git repository.
wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git
The following commit(s) were added to refs/heads/master by this push:
new f7162d5898 Enhance OAP HTTP server to support HTTPS (#10296)
f7162d5898 is described below
commit f7162d589863b9f909096fb089bb907387fc74f8
Author: yswdqz <74...@users.noreply.github.com>
AuthorDate: Fri Jan 20 21:17:18 2023 +0800
Enhance OAP HTTP server to support HTTPS (#10296)
---
docs/en/changes/changes.md | 1 +
.../oap/server/library/server/http/HTTPServer.java | 28 ++++++++++++++++++----
.../library/server/http/HTTPServerConfig.java | 7 ++++++
3 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index f117e5c997..fd6aac7d5d 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -81,6 +81,7 @@
* Fix gRPC alarm cannot update settings from dynamic configuration source.
* Add Python Websocket module component ID(7018).
* [Optional] Optimize single trace query performance by customizing routing in ElasticSearch. SkyWalking trace segments and Zipkin spans are using trace ID for routing. This is OFF by default, controlled by `storage/elasticsearch/enableCustomRouting`.
+* Enhance OAP HTTP server to support HTTPS
#### UI
diff --git a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
index 536eca226f..7e50df12e7 100644
--- a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
+++ b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
@@ -27,13 +27,21 @@ import com.linecorp.armeria.server.ServerBuilder;
import com.linecorp.armeria.server.docs.DocService;
import com.linecorp.armeria.server.healthcheck.HealthCheckService;
import com.linecorp.armeria.server.logging.LoggingService;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.net.InetSocketAddress;
+
import java.time.Duration;
import java.util.List;
import java.util.Set;
+
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.skywalking.oap.server.library.server.Server;
+import org.apache.skywalking.oap.server.library.server.ssl.PrivateKeyUtil;
+
import static java.util.Objects.requireNonNull;
@Slf4j
@@ -56,10 +64,6 @@ public class HTTPServer implements Server {
.serviceUnder(contextPath + "/docs", DocService.builder().build())
.service("/internal/l7check", HealthCheckService.of())
.workerGroup(config.getMaxThreads())
- .http(new InetSocketAddress(
- config.getHost(),
- config.getPort()
- ))
.http1MaxHeaderSize(config.getMaxRequestHeaderSize())
.idleTimeout(Duration.ofMillis(config.getIdleTimeOut()))
.decorator(Route.ofCatchAll(), (delegate, ctx, req) -> {
@@ -70,6 +74,22 @@ public class HTTPServer implements Server {
})
.decorator(LoggingService.newDecorator());
+ if (config.isEnableTLS()) {
+ sb.https(new InetSocketAddress(
+ config.getHost(),
+ config.getPort()));
+ try (InputStream cert = new FileInputStream(config.getTlsCertChainPath());
+ InputStream key = PrivateKeyUtil.loadDecryptionKey(config.getTlsKeyPath())) {
+ sb.tls(cert, key);
+ } catch (IOException e) {
+ throw new IllegalArgumentException(e);
+ }
+ } else {
+ sb.http(new InetSocketAddress(
+ config.getHost(),
+ config.getPort()
+ ));
+ }
if (config.getAcceptQueueSize() > 0) {
sb.maxNumConnections(config.getAcceptQueueSize());
}
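Review bot: In the `config.isEnableTLS()` branch, `config.getTlsCertChainPath()` and `config.getTlsKeyPath()` are used without checking that they are set. Neither field has a default in HTTPServerConfig, so enabling TLS without them passes null to `new FileInputStream(...)`, which throws a NullPointerException rather than the IOException caught here. The file already has `requireNonNull` in scope, so a guard before the try such as `requireNonNull(config.getTlsCertChainPath(), "tlsCertChainPath is required when enableTLS is true");` (and the same for `tlsKeyPath`) would turn a misconfiguration into a clear startup error. The rethrow `new IllegalArgumentException(e)` would also be easier to diagnose with a message naming which path failed to load (the path only, never key material). The enclosing method starts and ends outside the hunk.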
diff --git a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
index 0e7f314497..f7b2eb22f9 100644
--- a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
+++ b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
@@ -39,4 +39,11 @@ public class HTTPServerConfig {
private int acceptQueueSize = 0;
@Builder.Default
private int maxRequestHeaderSize = 8192;
+
+ @Builder.Default
+ private boolean enableTLS = false;
+
+ private String tlsKeyPath;
+ private String tlsCertChainPath;
+
}
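Review bot: The three new fields have no comments, so nothing tells an operator that `tlsKeyPath` and `tlsCertChainPath` must both be set when `enableTLS` is true, or that the default `false` leaves the listener on plaintext HTTP. I would add a short comment above them, for example `// Both paths are required when enableTLS is true; with the default (false) the server listens on plain HTTP.` The expected file formats depend on `PrivateKeyUtil.loadDecryptionKey` and on the server builder's `tls(...)` call, neither of which is defined in this diff, so confirm them before documenting a format. The class body starts outside the hunk.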