added secure connection option (#48)
diff --git a/README.md b/README.md
index a78aac3..1ff9800 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@
| `SW_AGENT_NAME` | The name of the service | `your-nodejs-service` |
| `SW_AGENT_INSTANCE` | The name of the service instance | Randomly generated |
| `SW_AGENT_COLLECTOR_BACKEND_SERVICES` | The backend OAP server address | `127.0.0.1:11800` |
+| `SW_AGENT_SECURE` | Whether to use secure connection to backend OAP server | `false` |
| `SW_AGENT_AUTHENTICATION` | The authentication token to verify that the agent is trusted by the backend OAP, as for how to configure the backend, refer to [the yaml](https://github.com/apache/skywalking/blob/4f0f39ffccdc9b41049903cc540b8904f7c9728e/oap-server/server-bootstrap/src/main/resources/application.yml#L155-L158). | not set |
| `SW_AGENT_LOGGING_LEVEL` | The logging level, could be one of `error`, `warn`, `info`, `debug` | `info` |
| `SW_AGENT_DISABLE_PLUGINS` | Comma-delimited list of plugins to disable in the plugins directory (e.g. "mysql", "express"). | `` |
diff --git a/src/agent/protocol/grpc/clients/HeartbeatClient.ts b/src/agent/protocol/grpc/clients/HeartbeatClient.ts
index 660d620..55d00d9 100755
--- a/src/agent/protocol/grpc/clients/HeartbeatClient.ts
+++ b/src/agent/protocol/grpc/clients/HeartbeatClient.ts
@@ -37,9 +37,11 @@
private heartbeatTimer?: NodeJS.Timeout;
constructor() {
- this.managementServiceClient = new ManagementServiceClient(config.collectorAddress, grpc.credentials.createInsecure(), {
- interceptors: [AuthInterceptor],
- });
+ this.managementServiceClient = new ManagementServiceClient(
+ config.collectorAddress,
+ config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure(),
+ { interceptors: [AuthInterceptor] },
+ );
}
get isConnected(): boolean {
diff --git a/src/agent/protocol/grpc/clients/TraceReportClient.ts b/src/agent/protocol/grpc/clients/TraceReportClient.ts
index fcc7fd8..79b19bc 100755
--- a/src/agent/protocol/grpc/clients/TraceReportClient.ts
+++ b/src/agent/protocol/grpc/clients/TraceReportClient.ts
@@ -40,7 +40,7 @@
this.buffer = new Buffer();
this.reporterClient = new TraceSegmentReportServiceClient(
config.collectorAddress,
- grpc.credentials.createInsecure(),
+ config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure(),
{ interceptors: [AuthInterceptor] },
);
emitter.on('segment-finished', (segment) => {
diff --git a/src/config/AgentConfig.ts b/src/config/AgentConfig.ts
index c92afea..eb74b0d 100644
--- a/src/config/AgentConfig.ts
+++ b/src/config/AgentConfig.ts
@@ -23,6 +23,7 @@
serviceName?: string;
serviceInstance?: string;
collectorAddress?: string;
+ secure?: boolean;
authorization?: string;
maxBufferSize?: number;
disablePlugins?: string;
@@ -62,6 +63,7 @@
return os.hostname();
})(),
collectorAddress: process.env.SW_AGENT_COLLECTOR_BACKEND_SERVICES || '127.0.0.1:11800',
+ secure: process.env.SW_AGENT_SECURE?.toLocaleLowerCase() === 'true',
authorization: process.env.SW_AGENT_AUTHENTICATION,
maxBufferSize: Number.isSafeInteger(process.env.SW_AGENT_MAX_BUFFER_SIZE) ?
Number.parseInt(process.env.SW_AGENT_MAX_BUFFER_SIZE as string, 10) : 1000,
