Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/gitlab/metrics/exporter/base_exporter.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gitlab/metrics/exporter/base_exporter.rb')
-rw-r--r--lib/gitlab/metrics/exporter/base_exporter.rb43
1 files changed, 39 insertions, 4 deletions
diff --git a/lib/gitlab/metrics/exporter/base_exporter.rb b/lib/gitlab/metrics/exporter/base_exporter.rb
index ba2eb729d7b..858a0a120cc 100644
--- a/lib/gitlab/metrics/exporter/base_exporter.rb
+++ b/lib/gitlab/metrics/exporter/base_exporter.rb
@@ -7,6 +7,8 @@ module Gitlab
module Metrics
module Exporter
class BaseExporter < Daemon
+ CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
+
attr_reader :server
# @param settings [Hash] SettingsLogic hash containing the `*_exporter` config
@@ -38,10 +40,16 @@ module Gitlab
[logger, WEBrick::AccessLog::COMBINED_LOG_FORMAT]
]
- @server = ::WEBrick::HTTPServer.new(
- Port: settings.port, BindAddress: settings.address,
- Logger: logger, AccessLog: access_log
- )
+ server_config = {
+ Port: settings.port,
+ BindAddress: settings.address,
+ Logger: logger,
+ AccessLog: access_log
+ }
+
+ server_config.merge!(ssl_config) if settings['tls_enabled']
+
+ @server = ::WEBrick::HTTPServer.new(server_config)
server.mount '/', Rack::Handler::WEBrick, rack_app
true
@@ -82,6 +90,33 @@ module Gitlab
run -> (env) { [404, {}, ['']] }
end
end
+
+ def ssl_config
+ # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
+ require 'webrick/ssl'
+
+ certs = load_ca_certs_bundle(File.binread(settings['tls_cert_path']))
+
+ {
+ SSLEnable: true,
+ SSLCertificate: certs.shift,
+ SSLPrivateKey: OpenSSL::PKey.read(File.binread(settings['tls_key_path'])),
+ # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
+ # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
+ SSLStartImmediately: true,
+ SSLExtraChainCert: certs
+ }
+ end
+
+ # In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
+ # https://github.com/ruby/openssl/issues/254
+ def load_ca_certs_bundle(ca_certs_string)
+ return [] unless ca_certs_string
+
+ ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
+ OpenSSL::X509::Certificate.new(ca_cert_string)
+ end
+ end
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-03 08:19:44 +0300