Skip to content

Commit

Permalink
Add SSL/TLS support to nginx input plugin
Browse files Browse the repository at this point in the history
Import required packages
  • Loading branch information
Bob Shannon committed Jun 3, 2017
1 parent 37e0180 commit 30ee576
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 11 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
- [#2773](https://github.com/influxdata/telegraf/pull/2773): Add support for self-signed certs to InfluxDB input plugin
- [#2581](https://github.com/influxdata/telegraf/pull/2581): Add Docker container environment variables as tags. Only whitelisted
- [#2817](https://github.com/influxdata/telegraf/pull/2817): Added timeout option to IPMI sensor plugin
- [#2883](https://github.com/influxdata/telegraf/pull/2883): Add support for an optional SSL/TLS configuration to nginx input plugin

### Bugfixes

Expand Down
7 changes: 7 additions & 0 deletions plugins/inputs/nginx/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@
[[inputs.nginx]]
## An array of Nginx stub_status URI to gather stats.
urls = ["http://localhost/server_status"]
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
```

### Measurements & Fields:
Expand Down
46 changes: 35 additions & 11 deletions plugins/inputs/nginx/nginx.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,33 @@ import (
"time"

"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/internal"
"github.com/influxdata/telegraf/plugins/inputs"
)

type Nginx struct {
// List of status URLs
Urls []string
// Path to CA file
SSLCA string `toml:"ssl_ca"`
// Path to client cert file
SSLCert string `toml:"ssl_cert"`
// Path to cert key file
SSLKey string `toml:"ssl_key"`
// Use SSL but skip chain & host verification
InsecureSkipVerify bool
}

var sampleConfig = `
## An array of Nginx stub_status URI to gather stats.
urls = ["http://localhost/status"]
## Optional SSL Config
# ssl_ca = "/etc/telegraf/ca.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = false
`

func (n *Nginx) SampleConfig() string {
Expand All @@ -35,6 +52,22 @@ func (n *Nginx) Description() string {
func (n *Nginx) Gather(acc telegraf.Accumulator) error {
var wg sync.WaitGroup

tlsCfg, err := internal.GetTLSConfig(
n.SSLCert, n.SSLKey, n.SSLCA, n.InsecureSkipVerify)
if err != nil {
return err
}

var tr = &http.Transport{
ResponseHeaderTimeout: time.Duration(3 * time.Second),
TLSClientConfig: tlsCfg,
}

var client = &http.Client{
Transport: tr,
Timeout: time.Duration(4 * time.Second),
}

for _, u := range n.Urls {
addr, err := url.Parse(u)
if err != nil {
Expand All @@ -44,24 +77,15 @@ func (n *Nginx) Gather(acc telegraf.Accumulator) error {
wg.Add(1)
go func(addr *url.URL) {
defer wg.Done()
acc.AddError(n.gatherUrl(addr, acc))
acc.AddError(n.gatherUrl(addr, acc, client))
}(addr)
}

wg.Wait()
return nil
}

var tr = &http.Transport{
ResponseHeaderTimeout: time.Duration(3 * time.Second),
}

var client = &http.Client{
Transport: tr,
Timeout: time.Duration(4 * time.Second),
}

func (n *Nginx) gatherUrl(addr *url.URL, acc telegraf.Accumulator) error {
func (n *Nginx) gatherUrl(addr *url.URL, acc telegraf.Accumulator, client *http.Client) error {
resp, err := client.Get(addr.String())
if err != nil {
return fmt.Errorf("error making HTTP request to %s: %s", addr.String(), err)
Expand Down

0 comments on commit 30ee576

Please sign in to comment.