[FEAT] Allow insecure certificates on InfluxDB

This change allows users to skip TLS certificate verification on their InfluxDB server, if they wish to do so, for instance when using self- signed certificates. Without this change, scrutiny failed to start and paniced with a `x509: certificate signed by unknown authority` error.
2 years ago · e07a53046f
parent 19a0b8c2ac
commit e07a53046f
2 changed files with 16 additions and 4 deletions
--- a/webapp/backend/pkg/config/config.go
+++ b/webapp/backend/pkg/config/config.go
@ -49,6 +49,7 @@ func (c *configuration) Init() error {
 	c.SetDefault("web.influxdb.init_username", "admin")
 	c.SetDefault("web.influxdb.init_password", "password12345")
 	c.SetDefault("web.influxdb.token", "scrutiny-default-admin-token")
+	c.SetDefault("web.influxdb.tls.insecure_skip_verify", false)
 	c.SetDefault("web.influxdb.retention_policy", true)

 	//c.SetDefault("disks.include", []string{})
--- a/webapp/backend/pkg/database/scrutiny_repository.go
+++ b/webapp/backend/pkg/database/scrutiny_repository.go
@ -2,6 +2,7 @@ package database

 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"github.com/analogj/scrutiny/webapp/backend/pkg/config"
@ -95,11 +96,20 @@ func NewScrutinyRepository(appConfig config.Interface, globalLogger logrus.Field
 	influxdbUrl := fmt.Sprintf("%s://%s:%s", appConfig.GetString("web.influxdb.scheme"), appConfig.GetString("web.influxdb.host"), appConfig.GetString("web.influxdb.port"))
 	globalLogger.Debugf("InfluxDB url: %s", influxdbUrl)

-	client := influxdb2.NewClient(influxdbUrl, appConfig.GetString("web.influxdb.token"))
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: appConfig.GetBool("web.influxdb.tls.insecure_skip_verify"),
+	}
+	globalLogger.Infof("InfluxDB certificate verification: %t\n", !tlsConfig.InsecureSkipVerify)
+
+	client := influxdb2.NewClientWithOptions(
+		influxdbUrl,
+		appConfig.GetString("web.influxdb.token"),
+		influxdb2.DefaultOptions().SetTLSConfig(tlsConfig),
+	)

 	//if !appConfig.IsSet("web.influxdb.token") {
 	globalLogger.Debugf("Determine Influxdb setup status...")
-	influxSetupComplete, err := InfluxSetupComplete(influxdbUrl)
+	influxSetupComplete, err := InfluxSetupComplete(influxdbUrl, tlsConfig)
 	if err != nil {
 		return nil, fmt.Errorf("failed to check influxdb setup status - %w", err)
 	}
@ -218,7 +228,7 @@ func (sr *scrutinyRepository) HealthCheck(ctx context.Context) error {

 }

-func InfluxSetupComplete(influxEndpoint string) (bool, error) {
+func InfluxSetupComplete(influxEndpoint string, tlsConfig *tls.Config) (bool, error) {
 	influxUri, err := url.Parse(influxEndpoint)
 	if err != nil {
 		return false, err
@ -228,7 +238,8 @@ func InfluxSetupComplete(influxEndpoint string) (bool, error) {
 		return false, err
 	}

-	res, err := http.Get(influxUri.String())
+    client := &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}
+	res, err := client.Get(influxUri.String())
 	if err != nil {
 		return false, err
 	}