Enhance OAP HTTP server to support HTTPS (#10296)
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index f117e5c..fd6aac7 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -81,6 +81,7 @@
* Fix gRPC alarm cannot update settings from dynamic configuration source.
* Add Python Websocket module component ID(7018).
* [Optional] Optimize single trace query performance by customizing routing in ElasticSearch. SkyWalking trace segments and Zipkin spans are using trace ID for routing. This is OFF by default, controlled by `storage/elasticsearch/enableCustomRouting`.
+* Enhance OAP HTTP server to support HTTPS
#### UI
diff --git a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
index 536eca2..7e50df1 100644
--- a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
+++ b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServer.java
@@ -27,13 +27,21 @@
import com.linecorp.armeria.server.docs.DocService;
import com.linecorp.armeria.server.healthcheck.HealthCheckService;
import com.linecorp.armeria.server.logging.LoggingService;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.net.InetSocketAddress;
+
import java.time.Duration;
import java.util.List;
import java.util.Set;
+
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.skywalking.oap.server.library.server.Server;
+import org.apache.skywalking.oap.server.library.server.ssl.PrivateKeyUtil;
+
import static java.util.Objects.requireNonNull;
@Slf4j
@@ -56,10 +64,6 @@
.serviceUnder(contextPath + "/docs", DocService.builder().build())
.service("/internal/l7check", HealthCheckService.of())
.workerGroup(config.getMaxThreads())
- .http(new InetSocketAddress(
- config.getHost(),
- config.getPort()
- ))
.http1MaxHeaderSize(config.getMaxRequestHeaderSize())
.idleTimeout(Duration.ofMillis(config.getIdleTimeOut()))
.decorator(Route.ofCatchAll(), (delegate, ctx, req) -> {
@@ -70,6 +74,22 @@
})
.decorator(LoggingService.newDecorator());
+ if (config.isEnableTLS()) {
+ sb.https(new InetSocketAddress(
+ config.getHost(),
+ config.getPort()));
+ try (InputStream cert = new FileInputStream(config.getTlsCertChainPath());
+ InputStream key = PrivateKeyUtil.loadDecryptionKey(config.getTlsKeyPath())) {
+ sb.tls(cert, key);
+ } catch (IOException e) {
+ throw new IllegalArgumentException(e);
+ }
+ } else {
+ sb.http(new InetSocketAddress(
+ config.getHost(),
+ config.getPort()
+ ));
+ }
if (config.getAcceptQueueSize() > 0) {
sb.maxNumConnections(config.getAcceptQueueSize());
}
diff --git a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
index 0e7f314..f7b2eb2 100644
--- a/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
+++ b/oap-server/server-library/library-server/src/main/java/org/apache/skywalking/oap/server/library/server/http/HTTPServerConfig.java
@@ -39,4 +39,11 @@
private int acceptQueueSize = 0;
@Builder.Default
private int maxRequestHeaderSize = 8192;
+
+ @Builder.Default
+ private boolean enableTLS = false;
+
+ private String tlsKeyPath;
+ private String tlsCertChainPath;
+
}
