mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2025-01-10 15:14:09 +00:00
lib/proxy: add support for socks5 over tls
proxy
This commit is contained in:
parent
6742839fd6
commit
a5c5b54c22
2 changed files with 22 additions and 12 deletions
|
@ -9,6 +9,7 @@
|
|||
* FEATURE: vmagent: add support for `follow_redirects` option to `scrape_configs` section in the same way as [Prometheus 2.26 does](https://github.com/prometheus/prometheus/pull/8546).
|
||||
* FEATURE: vmagent: add support for `authorization` section in `-promscrape.config` in the same way as [Prometheus 2.26 does](https://github.com/prometheus/prometheus/pull/8512).
|
||||
* FEATURE: vmagent: add support for socks5 proxy in `proxy_url` config option. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1177).
|
||||
* FEATURE: vmagent: add support for `socks5 over tls` proxy in `proxy_url` config option. It can be set up with the following config: `proxy_url: tls+socks5://proxy-addr:port`.
|
||||
* FEATURE: vmagent: reduce memory usage when `-remoteWrite.queues` is set to a big value. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1167).
|
||||
* FEATURE: vmagent: add AWS IAM roles for tasks support for EC2 service discovery according to [these docs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
|
||||
* FEATURE: vmagent: add support for `proxy_tls_config`, `proxy_authorization`, `proxy_basic_auth`, `proxy_bearer_token` and `proxy_bearer_token_file` options to `consul_sd_config`, `dockerswarm_sd_config` and `eureka_sd_config` sections.
|
||||
|
|
|
@ -105,18 +105,13 @@ func (u *URL) NewDialFunc(ac *promauth.Config) (fasthttp.DialFunc, error) {
|
|||
return defaultDialFunc, nil
|
||||
}
|
||||
pu := u.url
|
||||
if pu.Scheme != "http" && pu.Scheme != "https" && pu.Scheme != "socks5" {
|
||||
return nil, fmt.Errorf("unknown scheme=%q for proxy_url=%q, must be http, https or socks5", pu.Scheme, pu.Redacted())
|
||||
switch pu.Scheme {
|
||||
case "http", "https", "socks5", "tls+socks5":
|
||||
default:
|
||||
return nil, fmt.Errorf("unknown scheme=%q for proxy_url=%q, must be http, https, socks5 or tls+socks5", pu.Scheme, pu.Redacted())
|
||||
}
|
||||
isTLS := pu.Scheme == "https"
|
||||
isTLS := (pu.Scheme == "https" || pu.Scheme == "tls+socks5")
|
||||
proxyAddr := addMissingPort(pu.Host, isTLS)
|
||||
if pu.Scheme == "socks5" {
|
||||
return socks5DialFunc(proxyAddr, pu)
|
||||
}
|
||||
authHeader := u.GetAuthHeader(ac)
|
||||
if authHeader != "" {
|
||||
authHeader = "Proxy-Authorization: " + authHeader + "\r\n"
|
||||
}
|
||||
var tlsCfg *tls.Config
|
||||
if isTLS {
|
||||
tlsCfg = ac.NewTLSConfig()
|
||||
|
@ -124,6 +119,13 @@ func (u *URL) NewDialFunc(ac *promauth.Config) (fasthttp.DialFunc, error) {
|
|||
tlsCfg.ServerName = tlsServerName(proxyAddr)
|
||||
}
|
||||
}
|
||||
if pu.Scheme == "socks5" || pu.Scheme == "tls+socks5" {
|
||||
return socks5DialFunc(proxyAddr, pu, tlsCfg)
|
||||
}
|
||||
authHeader := u.GetAuthHeader(ac)
|
||||
if authHeader != "" {
|
||||
authHeader = "Proxy-Authorization: " + authHeader + "\r\n"
|
||||
}
|
||||
dialFunc := func(addr string) (net.Conn, error) {
|
||||
proxyConn, err := defaultDialFunc(proxyAddr)
|
||||
if err != nil {
|
||||
|
@ -142,7 +144,7 @@ func (u *URL) NewDialFunc(ac *promauth.Config) (fasthttp.DialFunc, error) {
|
|||
return dialFunc, nil
|
||||
}
|
||||
|
||||
func socks5DialFunc(proxyAddr string, pu *url.URL) (fasthttp.DialFunc, error) {
|
||||
func socks5DialFunc(proxyAddr string, pu *url.URL, tlsCfg *tls.Config) (fasthttp.DialFunc, error) {
|
||||
var sac *proxy.Auth
|
||||
if pu.User != nil {
|
||||
username := pu.User.Username()
|
||||
|
@ -153,7 +155,14 @@ func socks5DialFunc(proxyAddr string, pu *url.URL) (fasthttp.DialFunc, error) {
|
|||
}
|
||||
}
|
||||
network := netutil.GetTCPNetwork()
|
||||
d, err := proxy.SOCKS5(network, proxyAddr, sac, proxy.Direct)
|
||||
var dialer proxy.Dialer = proxy.Direct
|
||||
if tlsCfg != nil {
|
||||
dialer = &tls.Dialer{
|
||||
NetDialer: proxy.Direct,
|
||||
Config: tls.Config,
|
||||
}
|
||||
}
|
||||
d, err := proxy.SOCKS5(network, proxyAddr, sac, dialer)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot create socks5 proxy for url: %s, err: %w", pu.Redacted(), err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue