core: metrics v2 (#1370)

* outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
parent c5cf17b60b
commit 7158c9d2ea
27 changed files with 400 additions and 25 deletions
--- a/internal/web/ssl.go
+++ b/internal/web/ssl.go
@ -0,0 +1,37 @@
+package web
+
+import (
+	"crypto/tls"
+	"net"
+
+	"github.com/pires/go-proxyproto"
+	"goauthentik.io/internal/config"
+	"goauthentik.io/internal/crypto"
+)
+
+// ServeHTTPS constructs a net.Listener and starts handling HTTPS requests
+func (ws *WebServer) listenTLS() {
+	cert, err := crypto.GenerateSelfSignedCert()
+	if err != nil {
+		ws.log.WithError(err).Error("failed to generate default cert")
+	}
+	tlsConfig := &tls.Config{
+		MinVersion:   tls.VersionTLS12,
+		MaxVersion:   tls.VersionTLS12,
+		Certificates: []tls.Certificate{cert},
+	}
+
+	ln, err := net.Listen("tcp", config.G.Web.ListenTLS)
+	if err != nil {
+		ws.log.WithError(err).Fatalf("failed to listen")
+		return
+	}
+	ws.log.WithField("addr", config.G.Web.ListenTLS).Info("Running")
+
+	proxyListener := &proxyproto.Listener{Listener: tcpKeepAliveListener{ln.(*net.TCPListener)}}
+	defer proxyListener.Close()
+
+	tlsListener := tls.NewListener(proxyListener, tlsConfig)
+	ws.serve(tlsListener)
+	ws.log.Printf("closing %s", tlsListener.Addr())
+}