common icon indicating copy to clipboard operation
common copied to clipboard

Published 20 hours ago verified publisher icon prometheus

Set HTTP hostname based on TLS server name

Open fpetkovski opened this issue 3 years ago • 6 comments

The net/http library uses the Host field from the Request object in order to determine the value of the Host header [1]. In order for the Prometheus client to support SNI, it needs to set this field to the value provided in the TLS server name.

[1] https://github.com/golang/go/issues/29865

Signed-off-by: fpetkovski [email protected]

Fixes https://github.com/prometheus/prometheus/issues/9403

fpetkovski avatar Dec 21 '21 14:12 fpetkovski

Hello,

Thank you for your contribution. I am surprised that SNI does not work out of the box.

I am not willing to have this repository depend on client_golang. We have an exception for an interface in version, and the tests in sigv4, but that's it.

roidelapluie avatar Dec 21 '21 14:12 roidelapluie

Thanks for the feedback. Could you point me to where the dependency to client_golang is introduced in this PR? Do you mean because we are referencing the TLS config?

fpetkovski avatar Dec 21 '21 15:12 fpetkovski

The initial commit introduced a dependency. Then it was force pushed.

I can not merge this as is, I need to check that 1. SNI works even with our connection pooling and 2. This does not break blackbox exporter, which has similar logic.

roidelapluie avatar Dec 22 '21 10:12 roidelapluie

Ah yes, that seems to be correct: https://github.com/prometheus/common/commit/038724fffa024b190650f1cf95adaf7fd57eaa96#diff-cdb28b391884a82ef481177749e35ba9c3c54bda95d93ffe3d5f3ba1c67c2c5eR35

fpetkovski avatar Dec 22 '21 11:12 fpetkovski

after thinking twice, the TLS servername should come from the header, not the other way around.

roidelapluie avatar Jan 10 '22 15:01 roidelapluie

What do you mean by this? Isn't the TLS server name a user provided config?

fpetkovski avatar Jan 10 '22 16:01 fpetkovski