open-source-mirrors
/
scrutiny
mirror of https://github.com/AnalogJ/scrutiny
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[FEAT] Allow insecure certificates on InfluxDB

Browse Source 
This change allows users to skip TLS certificate verification on their
InfluxDB server, if they wish to do so, for instance when using self-
signed certificates.
Without this change, scrutiny failed to start and paniced with a
`x509: certificate signed by unknown authority` error.
pull/441/head
Saswat Padhi 1 year ago
parent 19a0b8c2ac
commit e07a53046f
No known key found for this signature in database
GPG Key ID: B80D3A12846D5776
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File

1
webapp/backend/pkg/config/config.go
Unescape View File

@ -49,6 +49,7 @@ func (c *configuration) Init() error {
c.SetDefault("web.influxdb.init_username", "admin") c.SetDefault("web.influxdb.init_username", "admin")
c.SetDefault("web.influxdb.init_password", "password12345") c.SetDefault("web.influxdb.init_password", "password12345")
c.SetDefault("web.influxdb.token", "scrutiny-default-admin-token") c.SetDefault("web.influxdb.token", "scrutiny-default-admin-token")
c.SetDefault("web.influxdb.tls.insecure_skip_verify", false)
c.SetDefault("web.influxdb.retention_policy", true) c.SetDefault("web.influxdb.retention_policy", true)
//c.SetDefault("disks.include", []string{}) //c.SetDefault("disks.include", []string{})

19
webapp/backend/pkg/database/scrutiny_repository.go
Unescape View File

@ -2,6 +2,7 @@ package database
import ( import (
"context" "context"
"crypto/tls"
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/analogj/scrutiny/webapp/backend/pkg/config" "github.com/analogj/scrutiny/webapp/backend/pkg/config"
@ -95,11 +96,20 @@ func NewScrutinyRepository(appConfig config.Interface, globalLogger logrus.Field
influxdbUrl := fmt.Sprintf("%s://%s:%s", appConfig.GetString("web.influxdb.scheme"), appConfig.GetString("web.influxdb.host"), appConfig.GetString("web.influxdb.port")) influxdbUrl := fmt.Sprintf("%s://%s:%s", appConfig.GetString("web.influxdb.scheme"), appConfig.GetString("web.influxdb.host"), appConfig.GetString("web.influxdb.port"))
globalLogger.Debugf("InfluxDB url: %s", influxdbUrl) globalLogger.Debugf("InfluxDB url: %s", influxdbUrl)
client := influxdb2.NewClient(influxdbUrl, appConfig.GetString("web.influxdb.token")) tlsConfig := &tls.Config{
InsecureSkipVerify: appConfig.GetBool("web.influxdb.tls.insecure_skip_verify"),
}
globalLogger.Infof("InfluxDB certificate verification: %t\n", !tlsConfig.InsecureSkipVerify)
client := influxdb2.NewClientWithOptions(
influxdbUrl,
appConfig.GetString("web.influxdb.token"),
influxdb2.DefaultOptions().SetTLSConfig(tlsConfig),
)
//if !appConfig.IsSet("web.influxdb.token") { //if !appConfig.IsSet("web.influxdb.token") {
globalLogger.Debugf("Determine Influxdb setup status...") globalLogger.Debugf("Determine Influxdb setup status...")
influxSetupComplete, err := InfluxSetupComplete(influxdbUrl) influxSetupComplete, err := InfluxSetupComplete(influxdbUrl, tlsConfig)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to check influxdb setup status - %w", err) return nil, fmt.Errorf("failed to check influxdb setup status - %w", err)
} }
@ -218,7 +228,7 @@ func (sr *scrutinyRepository) HealthCheck(ctx context.Context) error {
} }
func InfluxSetupComplete(influxEndpoint string) (bool, error) { func InfluxSetupComplete(influxEndpoint string, tlsConfig *tls.Config) (bool, error) {
influxUri, err := url.Parse(influxEndpoint) influxUri, err := url.Parse(influxEndpoint)
if err != nil { if err != nil {
return false, err return false, err
@ -228,7 +238,8 @@ func InfluxSetupComplete(influxEndpoint string) (bool, error) {
return false, err return false, err
} }
res, err := http.Get(influxUri.String()) client := &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}
res, err := client.Get(influxUri.String())
if err != nil { if err != nil {
return false, err return false, err
} }

Write Preview
Loading…
Cancel
Save