From 66edd16e2082e452f6eda3952d86f29ef7f4ed8e Mon Sep 17 00:00:00 2001
From: Thomas Labarussias
Date: Mon, 16 Oct 2023 17:21:24 +0200
Subject: [PATCH] update logs for TLS

Signed-off-by: Thomas Labarussias
---
 README.md | 3 ++-
 config_example.yaml | 3 ++-
 main.go | 18 +++++++++---------
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index d6bd35ce0..fc133b21f 100644
--- a/README.md
+++ b/README.md
@@ -270,7 +270,8 @@ tlsserver:
 mutualtls: false # if true, mTLS server will be deployed instead of TLS, deploy also has to be true
 cacertfile: "/etc/certs/server/ca.crt" # for client certification if mutualtls is true
 notlsport: 2810 # port to serve http server serving selected endpoints (default: 2810)
- # notlspaths: # if not empty, a separate http server will be deployed for the specified endpoints
+ notlspaths: # if not empty, and tlsserver.deploy is true, a separate http server will be deployed for the specified endpoints
+ - "/ping"
 # - "/metrics"
 # - "/healthz"
 ```
diff --git a/config_example.yaml b/config_example.yaml
index 9a3951ae3..176d3faa1 100644
--- a/config_example.yaml
+++ b/config_example.yaml
@@ -22,7 +22,8 @@ tlsserver:
 mutualtls: false # if true, mTLS server will be deployed instead of TLS, deploy also has to be true
 cacertfile: "/etc/certs/server/ca.crt" # for client certification if mutualtls is true
 notlsport: 2810 # port to serve http server serving selected endpoints (default: 2810)
- # notlspaths: # if not empty, a separate http server will be deployed for the specified endpoints
+ notlspaths: # if not empty, and tlsserver.deploy is true, a separate http server will be deployed for the specified endpoints
+ - "/ping"
 # - "/metrics"
 # - "/healthz"
diff --git a/main.go b/main.go
index 85416ce66..6353755a0 100644
--- a/main.go
+++ b/main.go
@@ -757,7 +757,7 @@ func init() {
 }
 }
- log.Printf("[INFO] : Falco Sidekick version: %s\n", GetVersionInfo().GitVersion)
+ log.Printf("[INFO] : Falcosidekick version: %s\n", GetVersionInfo().GitVersion)
 log.Printf("[INFO] : Enabled Outputs : %s\n", outputs.EnabledOutputs)
 }
@@ -835,6 +835,10 @@ func main() {
 log.Printf("[DEBUG] : running TLS server")
 }
+ if len(config.TLSServer.NoTLSPaths) == 0 {
+ log.Printf("[WARN] : tlsserver.deploy is true but tlsserver.notlspaths is empty, change tlsserver.deploy to true to deploy two servers, at least for /ping endpoint")
+ }
+
 if len(config.TLSServer.NoTLSPaths) != 0 {
 if config.Debug {
 log.Printf("[DEBUG] : running HTTP server for endpoints defined in tlsserver.notlspaths")
@@ -849,14 +853,14 @@ func main() {
 WriteTimeout: 60 * time.Second,
 IdleTimeout: 60 * time.Second,
 }
- log.Printf("[INFO] : Falco Sidekick is up and listening on %s:%d and %s:%d", config.ListenAddress, config.ListenPort, config.ListenAddress, config.TLSServer.NoTLSPort)
+ log.Printf("[INFO] : Falcosidekick is up and listening on %s:%d for TLS and %s:%d for non-TLS", config.ListenAddress, config.ListenPort, config.ListenAddress, config.TLSServer.NoTLSPort)
 errs := make(chan error, 1)
 go serveTLS(server, errs)
 go serveHTTP(httpServer, errs)
 log.Fatal(<-errs)
 } else {
- log.Printf("[INFO] : Falco Sidekick is up and listening on %s:%d", config.ListenAddress, config.ListenPort)
+ log.Printf("[INFO] : Falcosidekick is up and listening on %s:%d", config.ListenAddress, config.ListenPort)
 if err := server.ListenAndServeTLS(config.TLSServer.CertFile, config.TLSServer.KeyFile); err != nil {
 log.Fatalf("[ERROR] : %v", err.Error())
 }
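Review bot: The warning added in the `-835,6 +835,10` hunk contradicts its own condition: it fires when `tlsserver.deploy` is already true and `tlsserver.notlspaths` is empty, yet tells the operator to "change tlsserver.deploy to true", which looks like wording carried over from the deploy=false warning this patch removes further down. A message that states what actually happens would be `log.Printf("[WARN] : tlsserver.deploy is true but tlsserver.notlspaths is empty, only the TLS server is started; add paths such as /ping to tlsserver.notlspaths to also serve them without TLS")`. An empty list is also the most restrictive setup, with every endpoint kept behind TLS or mTLS, so INFO may suit it better than WARN, and the text should not nudge operators toward exposing more than a health endpoint in plaintext. The check could sit in the existing `else` branch of the following `if len(config.TLSServer.NoTLSPaths) != 0` rather than testing the same length twice; main() starts and ends outside the hunk.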
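Review bot: The two-server startup line in the `-849,14 +853,14` hunk now labels the non-TLS port but still does not say which paths are reachable without TLS, which is what an operator auditing plaintext exposure wants to read from the log. Appending the configured list would make that visible: `log.Printf("[INFO] : Falcosidekick is up and listening on %s:%d for TLS and %s:%d for non-TLS (paths: %v)", config.ListenAddress, config.ListenPort, config.ListenAddress, config.TLSServer.NoTLSPort, config.TLSServer.NoTLSPaths)`. The enclosing main() extends beyond the hunk on both sides.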
@@ -867,14 +871,10 @@ func main() {
 }
 if config.TLSServer.MutualTLS {
- log.Printf("[WARN] : tlsserver.deploy is false but tlsserver.mutualtls is true, change tlsserver.deploy to true to use mTLS")
- }
-
- if len(config.TLSServer.NoTLSPaths) != 0 {
- log.Printf("[WARN] : tlsserver.deploy is false but tlsserver.notlspaths is not empty, change tlsserver.deploy to true to deploy two servers")
+ log.Printf("[WARN] : tlsserver.deploy is false but tlsserver.mutualtls is true, change tlsserver.deploy to true to use mTLS")
 }
- log.Printf("[INFO] : Falco Sidekick is up and listening on %s:%d", config.ListenAddress, config.ListenPort)
+ log.Printf("[INFO] : Falcosidekick is up and listening on %s:%d", config.ListenAddress, config.ListenPort)
 if err := server.ListenAndServe(); err != nil {
 log.Fatalf("[ERROR] : %v", err.Error())
 }
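Review bot: With `tlsserver.mutualtls` true and `tlsserver.deploy` false, this branch still only warns and then reaches `server.ListenAndServe()`, so a deployment that asked for client-certificate authentication comes up on unauthenticated plain HTTP. Failing closed would be safer, for example replacing the warning with `log.Fatalf("[ERROR] : tlsserver.mutualtls is true but tlsserver.deploy is false, set tlsserver.deploy to true to use mTLS")`; whether that break is acceptable for existing configurations is the maintainers' call. With the notlspaths warning removed here, a non-empty `tlsserver.notlspaths` is now silently ignored when deploy is false, which the updated README comment covers but the log no longer does. main() starts and ends outside the hunk.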