
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2022-07-08 06:09:21 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-07-08 06:09:21 +0300
commit4ec82c35f26a370589b7dd5fa9ca6ee4a079c62b (patch)
tree7fed6790d2b809c74e2931055256898cb631225d /lib/gitlab/metrics
parent5487465d35110ef72c2e7cea7ef031c3ddf4dcbc (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/metrics')
-rw-r--r--lib/gitlab/metrics/exporter/base_exporter.rb43
1 files changed, 30 insertions, 13 deletions
diff --git a/lib/gitlab/metrics/exporter/base_exporter.rb b/lib/gitlab/metrics/exporter/base_exporter.rb
index fc271a24cf2..858a0a120cc 100644
--- a/lib/gitlab/metrics/exporter/base_exporter.rb
+++ b/lib/gitlab/metrics/exporter/base_exporter.rb
@@ -7,6 +7,8 @@ module Gitlab
module Metrics
module Exporter
class BaseExporter < Daemon
+ CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
+
attr_reader :server
# @param settings [Hash] SettingsLogic hash containing the `*_exporter` config
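Review bot: `CERT_REGEX` is added without a comment saying what it is meant to match, and the `(?:.|\n)+?` alternation is an indirect way of letting the dot cross line breaks. I would write it as `CERT_REGEX = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m.freeze` and put a line above it such as `# Matches each PEM-encoded certificate block in a bundle; non-PEM (DER) input yields no matches.` That makes the PEM-only assumption visible to whoever configures `tls_cert_path`.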
@@ -45,19 +47,7 @@ module Gitlab
AccessLog: access_log
}
- if settings['tls_enabled']
- # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
- require 'webrick/ssl'
-
- server_config.merge!({
- SSLEnable: true,
- SSLCertificate: OpenSSL::X509::Certificate.new(File.binread(settings['tls_cert_path'])),
- SSLPrivateKey: OpenSSL::PKey.read(File.binread(settings['tls_key_path'])),
- # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
- # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
- SSLStartImmediately: true
- })
- end
+ server_config.merge!(ssl_config) if settings['tls_enabled']
@server = ::WEBrick::HTTPServer.new(server_config)
server.mount '/', Rack::Handler::WEBrick, rack_app
@@ -100,6 +90,33 @@ module Gitlab
run -> (env) { [404, {}, ['']] }
end
end
+
+ def ssl_config
+ # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
+ require 'webrick/ssl'
+
+ certs = load_ca_certs_bundle(File.binread(settings['tls_cert_path']))
+
+ {
+ SSLEnable: true,
+ SSLCertificate: certs.shift,
+ SSLPrivateKey: OpenSSL::PKey.read(File.binread(settings['tls_key_path'])),
+ # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
+ # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
+ SSLStartImmediately: true,
+ SSLExtraChainCert: certs
+ }
+ end
+
+ # In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
+ # https://github.com/ruby/openssl/issues/254
+ def load_ca_certs_bundle(ca_certs_string)
+ return [] unless ca_certs_string
+
+ ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
+ OpenSSL::X509::Certificate.new(ca_cert_string)
+ end
+ end
end
end
end
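Review bot: `certs.shift` in `ssl_config` returns nil when the file at `tls_cert_path` contains no `-----BEGIN CERTIFICATE-----` block (an empty file, a DER-encoded certificate, or a path that points at the key instead), so `SSLCertificate` becomes nil where the removed `OpenSSL::X509::Certificate.new(File.binread(...))` call would have parsed DER or raised. As far as I recall, WEBrick then generates a self-signed certificate when `SSLCertificate` is unset, so the exporter may start with a certificate the operator never configured instead of refusing to start; this should be confirmed against the WEBrick version in use. Failing closed takes one guard after the load: `raise ArgumentError, "no PEM certificate found in #{settings['tls_cert_path']}" if certs.empty?`. Separately, `return [] unless ca_certs_string` in `load_ca_certs_bundle` cannot trigger from this caller, because `File.binread` returns a String or raises.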