
Commit f28848e

committed
Use tls.Dial when proxy is configured with TLS
1 parent 9b77fa3 commit f28848e


2 files changed

+23
-9
lines changed


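--- a/server/server.go
+++ b/server/server.go
@@ -2,6 +2,7 @@ package server
 
 import (
 "context"
+"crypto/tls"
 "fmt"
 "net"
 "strings"
@@ -118,14 +119,27 @@ func NewServer(conf *config.Config, logger log.Logger) (*Server, error) {
 
 // Cluster.
 
+proxyTLSConfig, err := conf.Proxy.TLS.Load()
+if err != nil {
+return nil, fmt.Errorf("proxy tls: %w", err)
+}
+
 s.clusterState = cluster.NewState(&cluster.Node{
 ID: conf.Cluster.NodeID,
 ProxyAddr: conf.Proxy.AdvertiseAddr,
 AdminAddr: conf.Admin.AdvertiseAddr,
 }, logger)
 s.clusterState.Metrics().Register(registry)
 
-upstreams := upstream.NewLoadBalancedManager(s.clusterState)
+var clientTLSConfig *tls.Config
+if proxyTLSConfig != nil {
+clientTLSConfig, err = conf.Proxy.ClientTLS.Load()
+if err != nil {
+return nil, fmt.Errorf("proxy client tls: %w", err)
+}
+}
+
+upstreams := upstream.NewLoadBalancedManager(s.clusterState, clientTLSConfig)
 upstreams.Metrics().Register(registry)
 
 // Proxy server.
@@ -140,10 +154,6 @@ func NewServer(conf *config.Config, logger log.Logger) (*Server, error) {
 auth.NewJWTVerifier(verifierConf), nil,
 )
 }
-proxyTLSConfig, err := conf.Proxy.TLS.Load()
-if err != nil {
-return nil, fmt.Errorf("proxy tls: %w", err)
-}
 s.proxyServer = proxy.NewServer(
 upstreams,
 conf.Proxy,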
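Review bot: In the second hunk, `clientTLSConfig` can still be nil after `conf.Proxy.ClientTLS.Load()` succeeds, and nothing rejects that case even though the proxy listener has TLS enabled. `Load` is not visible on this page, so this is inferred from the `proxyTLSConfig != nil` test, which suggests a nil config with a nil error is a normal return. If so, forwarding to other nodes would presumably fall back to a non-TLS dial and either fail against a TLS peer or run unencrypted. Failing at startup is safer, e.g. `if clientTLSConfig == nil { return nil, fmt.Errorf("proxy client tls: required when proxy tls is enabled") }` right after the error check. A short comment should also record that outbound TLS is keyed off this node's own listener setting, which assumes every node in the cluster is configured alike. NewServer's body starts and ends outside these hunks.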

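--- a/server/upstream/manager.go
+++ b/server/upstream/manager.go
@@ -1,6 +1,7 @@
 package upstream
 
 import (
+"crypto/tls"
 "sync"
 
 "github.com/prometheus/client_golang/prometheus"
@@ -83,12 +84,15 @@ type LoadBalancedManager struct {
 cluster *cluster.State
 
 metrics *Metrics
+
+clientTLSConfig *tls.Config
 }
 
-func NewLoadBalancedManager(cluster *cluster.State) *LoadBalancedManager {
+func NewLoadBalancedManager(cluster *cluster.State, proxyClientTLSConfig *tls.Config) *LoadBalancedManager {
 return &LoadBalancedManager{
-localUpstreams: make(map[string]*loadBalancer),
-cluster: cluster,
+localUpstreams: make(map[string]*loadBalancer),
+cluster: cluster,
+clientTLSConfig: proxyClientTLSConfig,
 usage: &Usage{
 Requests: atomic.NewUint64(0),
 Upstreams: atomic.NewUint64(0),
@@ -118,7 +122,7 @@ func (m *LoadBalancedManager) Select(endpointID string, allowRemote bool) (Upstr
 "node_id": node.ID,
 }).Inc()
 m.usage.Requests.Inc()
-return NewNodeUpstream(endpointID, node), true
+return NewNodeUpstream(endpointID, node, m.clientTLSConfig), true
 }
 
 func (m *LoadBalancedManager) AddConn(u Upstream) {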
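Review bot: In Select, the same `m.clientTLSConfig` pointer is handed to every `NewNodeUpstream` call, and neither the new struct field nor the new `NewLoadBalancedManager` parameter documents what a nil value means. `NewNodeUpstream` is not part of this diff. If it sets anything per node on the config, such as `ServerName`, it should do so on `m.clientTLSConfig.Clone()`; otherwise concurrent selections would share mutable state and a peer could be verified against another node's name. I would add a field comment along the lines of `// clientTLSConfig is used when connecting to other nodes; nil means those connections are made without TLS.`, to be confirmed against what the upstream does with nil. The constructor should get a doc comment saying the same. Select's body starts outside the hunk.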
