use ssl cert of server for healthchecks
s4ke committed Nov 12, 2023
1 parent d3a42cb commit d239529
Showing 2 changed files with 13 additions and 5 deletions.
2 changes: 1 addition & 1 deletion deploy/stack.yml
@@ -2,7 +2,7 @@ version: '3.8'

services:
app:
image: ghcr.io/s4ke/docker-swarm-multitenant-proxy:0.2.2
image: ghcr.io/s4ke/docker-swarm-multitenant-proxy:0.2.3
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
16 changes: 12 additions & 4 deletions docker-swarm-multitenant-proxy/healthcheck.ts
@@ -1,16 +1,24 @@
// adapted from https://github.com/BretFisher/node-docker-good-defaults
import http from 'http';
import https from 'https';
import fs from 'fs';

const TLS_DISABLED = process.env.TLS_DISABLED === '1' || process.env.TLS_DISABLED === 'true';

if (!TLS_DISABLED) {
(process.env as any)["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
var options = {
if(!process.env.TLS_KEY_FILE || !process.env.TLS_CERT_FILE || !process.env.TLS_CA_FILE) {
console.error('ERROR: TLS is enabled but one or more of the following environment variables are not set: TLS_KEY_FILE, TLS_CERT_FILE, TLS_CA_FILE');
process.exit(1);
}

let options = {
timeout: 2000,
host: 'localhost',
port: process.env.PORT || 8080,
path: '/_healthz'
path: '/_healthz',
key: fs.readFileSync(process.env.TLS_KEY_FILE),
cert: fs.readFileSync(process.env.TLS_CERT_FILE),
ca: fs.readFileSync(process.env.TLS_CA_FILE),
};

var request = https.request(options, (res) => {
@@ -26,7 +34,7 @@ if (!TLS_DISABLED) {

request.end();
} else {
var options = {
let options = {
timeout: 2000,
host: 'localhost',
port: process.env.PORT || 8080,
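Review bot: With `NODE_TLS_REJECT_UNAUTHORIZED` no longer forced to 0, the `https.request` options in the TLS branch verify the server certificate against `host: 'localhost'`, so the health check fails on every run unless the certificate in `TLS_CERT_FILE` actually names `localhost`. If it is issued for another name, pass that name as `servername` in the options, or state the requirement next to `host`, e.g. `// server cert must be valid for "localhost", otherwise set servername`. The same options load the server's private key and present the server certificate as the client identity, which presumably relies on the proxy accepting its own certificate for client authentication. A comment saying so (`// health check authenticates with the server's own key pair`) would help whoever rotates or scopes these certificates, and a dedicated client certificate would keep the probe from reading the server key at all. The `if (!TLS_DISABLED)` block continues outside the visible hunks.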