From 8488ef56611256c1761f93de5f8df23e07b86af4 Mon Sep 17 00:00:00 2001
From: Vishal Tak <vtak@gitlab.com>
Date: Thu, 26 May 2022 14:10:09 +0530
Subject: Add support for tls for metrics

Changelog: added
---
 app.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'app.go')

diff --git a/app.go b/app.go
index 760a8bfb..7937e3fd 100644
--- a/app.go
+++ b/app.go
@@ -277,8 +277,8 @@ func (a *theApp) Run() error {
 	}
 
 	// Serve metrics for Prometheus
-	if a.config.General.MetricsAddress != "" {
-		s := a.listenMetrics(eg, a.config.General.MetricsAddress)
+	if a.config.Metrics.Address != "" {
+		s := a.listenMetrics(eg, a.config.Metrics)
 		servers = append(servers, s)
 	}
 
@@ -322,13 +322,22 @@ func (a *theApp) listen(eg *errgroup.Group, addr string, h http.Handler, errTrac
 	return server
 }
 
-func (a *theApp) listenMetrics(eg *errgroup.Group, addr string) *http.Server {
+func (a *theApp) listenMetrics(eg *errgroup.Group, config cfg.Metrics) *http.Server {
 	server := &http.Server{}
 	eg.Go(func() error {
-		l, err := net.Listen("tcp", addr)
+		l, err := net.Listen("tcp", config.Address)
 		if err != nil {
 			errortracking.CaptureErrWithStackTrace(err, errortracking.WithField("listener", "metrics"))
-			return fmt.Errorf("failed to listen on addr %s: %w", addr, err)
+			return fmt.Errorf("failed to listen on addr %s: %w", config.Address, err)
+		}
+
+		metricsTLSConfig := &cryptotls.Config{
+			Certificates: []cryptotls.Certificate{config.TLSCertificate},
+			MinVersion:   cryptotls.VersionTLS12,
+		}
+
+		if config.IsHTTPS {
+			l = cryptotls.NewListener(l, metricsTLSConfig)
 		}
 
 		monitoringOpts := []monitoring.Option{
-- 
cgit v1.2.3