Added ssl.keyfile option for serving metrics over TLS

Author: ewoutp

main.go

@@ -1,3 +1,25 @@
+//
+// DISCLAIMER
+//
+// Copyright 2018 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Ewout Prangsma
+//
+
 package main
 
 import (
@@ -19,13 +41,11 @@ var (
 	maskAny        = errors.WithStack
 
 	cmdMain = &cobra.Command{
-		Use: "arangodb_exporter",
+		Use: "arangodb-exporter",
 		Run: cmdMainRun,
 	}
 
-	serverOptions struct {
-		listenAddress string
-	}
+	serverOptions   ServerConfig
 	arangodbOptions struct {
 		endpoint  string
 		jwtSecret string
@@ -36,7 +56,8 @@ var (
 func init() {
 	f := cmdMain.Flags()
 
-	f.StringVar(&serverOptions.listenAddress, "server.address", ":9101", "Address the exporter will listen on (IP:port)")
+	f.StringVar(&serverOptions.Address, "server.address", ":9101", "Address the exporter will listen on (IP:port)")
+	f.StringVar(&serverOptions.TLSKeyfile, "ssl.keyfile", "", "File containing TLS certificate used for the metrics server. Format equal to ArangoDB keyfiles")
 
 	f.StringVar(&arangodbOptions.endpoint, "arangodb.endpoint", "http://127.0.0.1:8529", "Endpoint used to reach the ArangoDB server")
 	f.StringVar(&arangodbOptions.jwtSecret, "arangodb.jwtsecret", "", "JWT Secret used for authentication with ArangoDB server")
@@ -48,18 +69,22 @@ func main() {
 }
 
 func cmdMainRun(cmd *cobra.Command, args []string) {
-	log.Infoln(fmt.Sprintf("Starting arangodb_exporter %s, build %s", projectVersion, projectBuild))
+	log.Infoln(fmt.Sprintf("Starting arangodb-exporter %s, build %s", projectVersion, projectBuild))
 
 	exporter, err := NewExporter(arangodbOptions.endpoint, arangodbOptions.jwtSecret, false, arangodbOptions.timeout)
 	if err != nil {
 		log.Fatal(err)
 	}
 	prometheus.MustRegister(exporter)
+	version.Version = projectVersion
+	version.Revision = projectBuild
 	prometheus.MustRegister(version.NewCollector("arangodb_exporter"))
 
-	log.Infoln("Listening on", serverOptions.listenAddress)
-	http.Handle("/metrics", prometheus.Handler())
-	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	log.Infoln("Listening on", serverOptions.Address)
+
+	mux := http.NewServeMux()
+	mux.Handle("/metrics", prometheus.Handler())
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte(`<html>
              <head><title>ArangoDB Exporter</title></head>
              <body>
@@ -68,5 +93,10 @@ func cmdMainRun(cmd *cobra.Command, args []string) {
              </body>
              </html>`))
 	})
-	log.Fatal(http.ListenAndServe(serverOptions.listenAddress, nil))
+
+	server, err := NewServer(mux, serverOptions)
+	if err != nil {
+		log.Fatal(err)
+	}
+	log.Fatal(server.Run())
 }

server.go

@@ -0,0 +1,93 @@
+//
+// DISCLAIMER
+//
+// Copyright 2018 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Ewout Prangsma
+//
+
+package main
+
+import (
+	"crypto/tls"
+	"net/http"
+	_ "net/http/pprof"
+	"time"
+
+	certificates "github.com/arangodb-helper/go-certificates"
+)
+
+// ServerConfig settings for the Server
+type ServerConfig struct {
+	Address    string // Address to listen on
+	TLSKeyfile string // Keyfile containing TLS certificate
+}
+
+// Server is the HTTPS server for the operator.
+type Server struct {
+	httpServer *http.Server
+}
+
+// NewServer creates a new server, fetching/preparing a TLS certificate.
+func NewServer(handler http.Handler, cfg ServerConfig) (*Server, error) {
+	httpServer := &http.Server{
+		Addr:              cfg.Address,
+		Handler:           handler,
+		ReadTimeout:       time.Second * 30,
+		ReadHeaderTimeout: time.Second * 15,
+		WriteTimeout:      time.Second * 30,
+		TLSNextProto:      make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
+	}
+
+	if cfg.TLSKeyfile != "" {
+		tlsConfig, err := createTLSConfig(cfg.TLSKeyfile)
+		if err != nil {
+			return nil, maskAny(err)
+		}
+		tlsConfig.BuildNameToCertificate()
+		httpServer.TLSConfig = tlsConfig
+	}
+
+	return &Server{
+		httpServer: httpServer,
+	}, nil
+}
+
+// Run the server until the program stops.
+func (s *Server) Run() error {
+	if s.httpServer.TLSConfig != nil {
+		if err := s.httpServer.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
+			return maskAny(err)
+		}
+	} else {
+		if err := s.httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			return maskAny(err)
+		}
+	}
+	return nil
+}
+
+// createTLSConfig creates a TLS config from the given keyfile.
+func createTLSConfig(keyfile string) (*tls.Config, error) {
+	cert, err := certificates.LoadKeyFile(keyfile)
+	if err != nil {
+		return nil, maskAny(err)
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}, nil
+}