api, common, db4s, webui: Don't log TLS handshake errors

justinclift · justinclift · commit 071777943bc8 · 2023-04-20T21:05:35.000+10:00
We get a fair amount of (useless) TLS handshake error messages
filling our logs.  This commit introduces a custom http error log
function to filter them out.
diff --git a/api/main.go b/api/main.go
@@ -150,6 +150,7 @@ func main() {
 	}
 	srv := &http.Server{
 		Addr:         com.Conf.Api.BindAddress,
+		ErrorLog:     com.HttpErrorLog(),
 		TLSConfig:    newTLSConfig,
 		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
 	}
diff --git a/common/util.go b/common/util.go
@@ -18,6 +18,33 @@ import (
 	"github.com/minio/minio-go"
 )
 
+var (
+	// Our custom http error logger
+	httpErrorLogger *log.Logger
+)
+
+// FilteringErrorLogWriter is a custom error logger for our http servers, to filter out the copious
+// 'TLS handshake error' messages we're getting.
+// Very heavily based on: https://github.com/golang/go/issues/26918#issuecomment-974257205
+type FilteringErrorLogWriter struct{}
+
+func (*FilteringErrorLogWriter) Write(msg []byte) (int, error) {
+	z := string(msg)
+	if !(strings.HasPrefix(z, "http: TLS handshake error") && strings.HasSuffix(z, ": EOF\n")) {
+		err := httpErrorLogger.Output(0, z)
+		if err != nil {
+			log.Println(err)
+		}
+	}
+	return len(msg), nil
+}
+
+// Filter out the copious 'TLS handshake error' messages we're getting
+func HttpErrorLog() *log.Logger {
+	httpErrorLogger = log.New(&FilteringErrorLogWriter{}, "", log.LstdFlags)
+	return httpErrorLogger
+}
+
 // AddDatabase is handles database upload processing
 func AddDatabase(loggedInUser, dbOwner, dbName string, createBranch bool, branchName,
 	commitID string, accessType SetAccessType, licenceName, commitMsg, sourceURL string, newDB io.Reader,
diff --git a/db4s/main.go b/db4s/main.go
@@ -107,6 +107,7 @@ func main() {
 	}
 	newServer := &http.Server{
 		Addr:         ":" + fmt.Sprint(com.Conf.DB4S.Port),
+		ErrorLog:     com.HttpErrorLog(),
 		Handler:      gz.GzipHandler(mux),
 		TLSConfig:    newTLSConfig,
 		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
diff --git a/webui/main.go b/webui/main.go
@@ -3506,7 +3506,8 @@ func main() {
 	// Start webUI server
 	log.Printf("WebUI server starting on https://%s\n", com.Conf.Web.ServerName)
 	srv := &http.Server{
-		Addr: com.Conf.Web.BindAddress,
+		Addr:     com.Conf.Web.BindAddress,
+		ErrorLog: com.HttpErrorLog(),
 		TLSConfig: &tls.Config{
 			MinVersion: tls.VersionTLS12, // TLS 1.2 is now the lowest acceptable level
 		},

Original file line number	Diff line number	Diff line change
`@@ -150,6 +150,7 @@ func main() {`
`150`	`150`	`}`
`151`	`151`	`srv := &http.Server{`
`152`	`152`	`Addr: com.Conf.Api.BindAddress,`
	`153`	`+ ErrorLog: com.HttpErrorLog(),`
`153`	`154`	`TLSConfig: newTLSConfig,`
`154`	`155`	`TLSNextProto: make(map[string]func(http.Server, tls.Conn, http.Handler), 0),`
`155`	`156`	`}`
Original file line number	Diff line number	Diff line change
`@@ -107,6 +107,7 @@ func main() {`
`107`	`107`	`}`
`108`	`108`	`newServer := &http.Server{`
`109`	`109`	`Addr: ":" + fmt.Sprint(com.Conf.DB4S.Port),`
	`110`	`+ ErrorLog: com.HttpErrorLog(),`
`110`	`111`	`Handler: gz.GzipHandler(mux),`
`111`	`112`	`TLSConfig: newTLSConfig,`
`112`	`113`	`TLSNextProto: make(map[string]func(http.Server, tls.Conn, http.Handler), 0),`