Nikolay
dc98abf28b
app/vmauth: do not return invalid credentials ( #4288 )
...
at http response by default
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4188
based on https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4190
Thanks @raj-kumar-j for init implementation
2023-05-17 00:11:50 -07:00
Aliaksandr Valialkin
bc144e2b05
all: follow-up for 7a3e16e774
...
- Sync the description for -httpListenAddr.useProxyProtocol command-line flag at vmagent and vmauth,
so it is consistent with the description at vmauth and victoria-metrics
- Add a sample of panic text to docs/CHANGELOG.md, so it could be googled
- Mention the -httpListenAddr.useProxyProtocol command-line flag in the description for the bugfix
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3335
2023-03-12 01:19:55 -08:00
Nikolay
c80d0aaaf0
lib/netutil: fixes panic at proxy protocol ( #3905 )
...
it may occur if non proxy protocol message received by tcp server.
Listener Accept method must return only non-recoverable errors.
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3335
2023-03-12 01:12:53 -08:00
Aliaksandr Valialkin
18bf18b8b9
app/vmauth: limit the number of concurrent requests served by vmauth
with the -maxConcurrentRequests
command-line flag
...
See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3346
This commit is based on the https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3486
2023-01-27 14:07:53 -08:00
Aliaksandr Valialkin
27ec56ffb1
app/vmauth: do not use net/http/httputil.ReverseProxy
...
This allows better controlling requests to backends and providing better error logging.
For example, if the backend was unavailable, then the ReverseProxy was logging the error
message without client ip and the initial request uri. This could harden debugging.
This is based on https://github.com/VictoriaMetrics/VictoriaMetrics/pull/3486
2023-01-27 13:40:53 -08:00
Aliaksandr Valialkin
341026902e
app/vmauth: pass the target url to reverse proxy via context.Value instead of request header
...
This is less hacky way, since it doesn't clash with request headers
2023-01-27 12:16:55 -08:00
Nikolay
ebebaecd94
lib/netutil: init implimentation of proxy protocol ( #3687 )
...
* lib/netutil: init implimentation of proxy protocol
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3335
* wip
Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
2023-01-26 23:25:22 -08:00
Aliaksandr Valialkin
aa027529eb
lib/httpserver: directly pass flag value to CheckAuthFlag()
...
There is no sense in passing a pointer to flag value there.
This is a follow-up for 4225a0bd75
2023-01-10 15:59:55 -08:00
Zakhar Bessarab
10f314cdbd
Use httpAuth.*
flags as a fallback for endpoints protected by *AuthKey
flags ( #3582 )
...
* {lib/server, app/}: use `httpAuth.*` flag as fallback for `*AuthKey` if it is not set
* lib/ingestserver/opentsdbhttp: fix opentdb HTTP handler not respecting `httpAuth.*` flags
* Apply suggestions from code review
Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
2023-01-10 15:57:55 -08:00
Aliaksandr Valialkin
c0c9f30870
lib/pushmetrics: properly handle errors when initializing pushmetrics
2022-07-22 13:38:25 +03:00
Aliaksandr Valialkin
fe68bb3ba7
all: follow-up after 46f803fa7a
...
Add -pushmetrics.* command-line flags to all the VictoriaMetrics apps
2022-07-21 20:18:25 +03:00
Diego Circelli
43dfa421c3
Token authorization scheme ( #2288 )
2022-03-18 18:42:07 +02:00
Aliaksandr Valialkin
305507930c
app/vmauth: initialize reverse proxy only after flag.Parse() is called
...
This should properly take into accoun the `-maxIdleConnsPerBackend` command-line flag value.
Previously it was hardcoded to 100.
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1300
2021-11-09 19:23:44 +02:00
Aliaksandr Valialkin
559dd996c4
app/vmauth: add ability to specify http headers to send in requests to backends
...
See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1736
2021-10-22 19:11:35 +03:00
Aliaksandr Valialkin
0a1982b294
app/vmauth: fix metric name prefixes: vmagent
-> vmauth
2021-10-19 15:30:16 +03:00
Roman Khavronenko
f393145843
Adjust http.Transport.MaxIdleConns
setting for vmauth/vmalert services ( #1704 )
...
* vmalert: adjust `http.Transport.MaxIdleConns` value accordingly to `http.Transport.MaxIdleConnsPerHost`
`http.Transport.MaxIdleConnsPerHost` setting is controlled by `datasource.maxIdleConnections` flag,
while `http.Transport.MaxIdleConns` is inherited from DefaultTransport and is equal to `100`.
The fix adjusts `http.Transport.MaxIdleConns` value if it is lower than `http.Transport.MaxIdleConnsPerHost`.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
* vmauth: adjust `http.Transport.MaxIdleConns` value accordingly to `http.Transport.MaxIdleConnsPerHost`
`http.Transport.MaxIdleConnsPerHost` setting is controlled by `maxIdleConnsPerBackend` flag,
while `http.Transport.MaxIdleConns` is inherited from DefaultTransport and is equal to `100`.
The fix adjusts `http.Transport.MaxIdleConns` value if it is lower than `http.Transport.MaxIdleConnsPerHost`.
Signed-off-by: hagen1778 <roman@victoriametrics.com>
2021-10-13 19:23:52 +03:00
Aliaksandr Valialkin
5e5ce27df7
app/vmauth: do not log invalid auth tokens by default for security reasons
...
The logging can be enabled by passing `-logInvalidAuthTokens` command-line flag to vmauth
2021-09-14 12:20:17 +03:00
Aliaksandr Valialkin
0672cfffa2
app/vmauth: properly handle http.ErrAbortHandler panic
...
This panic can be raised by the reverseProxy on aborted request to the backend.
So handle it (e.g. suppress) at reverseProxy.ServeHTTP call.
Do not suppress the panic at lib/httpserver generic HTTP handler,
since it may result in an inconsistent state left after the panicking handler.
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1353
2021-06-11 12:54:37 +03:00
Aliaksandr Valialkin
6139f6ed6d
app/vmauth: add ability to protect /-/reload
endpoint with authKey
2021-05-20 18:48:34 +03:00
Aliaksandr Valialkin
7fe362deb1
app/vmauth: reload -auth.config
on the request to /-/reload
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1194
2021-05-18 02:24:37 +03:00
Aliaksandr Valialkin
a6cb4f10a7
app/{vmalert,vmauth}: explicitly set MaxIdleConnsPerHost in net/http.Client.Transport
...
By default MaxIdleConnsPerHost is set to 2. This limits the possibility to re-use http keep-alive connections.
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1300
2021-05-14 18:13:34 +03:00
Aliaksandr Valialkin
e7c4fde756
app/vmauth: parse url_prefix
only once during config load
2021-04-21 10:57:17 +03:00
Aliaksandr Valialkin
6dc5d3b357
all: rename https://victoriametrics.github.io to https://docs.victoriametrics.com
2021-04-20 20:20:01 +03:00
Aliaksandr Valialkin
89771d082d
app/vmauth: add support for authorization via Authorization: Bearer <token>
2021-04-02 22:15:07 +03:00
Aliaksandr Valialkin
9e88ff3075
app/vmauth: add ability to route requests from a single users to multiple targets depending on the requested path
...
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/1064
2021-02-11 12:41:38 +02:00
Aliaksandr Valialkin
fc82c22e50
docs: consistently use links to https://victoriametrics.github.io for documentation references
2020-12-11 21:09:17 +02:00
Aliaksandr Valialkin
1a237c6903
all: properly handle CPU limits set on the host system/container
...
This can reduce memory usage on systems with enabled CPU limits.
Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/946
2020-12-08 21:07:03 +02:00
Aliaksandr Valialkin
bdac2171f1
all: do not print usage info for all the flags when incorrect command-line flag is passed
...
This should improve usability for VictoriaMetrics apps that have big number of command-line flags,
i.e. all the apps.
2020-12-03 21:46:19 +02:00
Aliaksandr Valialkin
6721e47ae9
app: respect CPU limits set via cgroups
...
Update GOMAXPROCS to limits set via cgroups. This should reduce CPU trashing and reduce memory usage
for cases when VictoriaMetrics components run in containers with CPU limits.
See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/685
2020-08-11 23:01:03 +03:00
ofen
3fea7c39be
401 Unauthorize HTTP error added ( #681 )
...
401 Unauthorize HTTP error added to trigger browser credentials pop-up promt [RFC 7235 https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication ]
2020-08-09 09:39:37 +03:00
Aliaksandr Valialkin
31ef39e8da
lib/httpserver: log remote address in error message from httpserver.Errorf
...
This should improve detection of the root cause of errors.
Thanks to Anant for the idea.
2020-07-20 14:06:29 +03:00
Aliaksandr Valialkin
c1be462d42
app/vmauth: disable automatic response compression/uncompression, since it may work improperly in some cases
...
See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/535
2020-06-05 20:14:07 +03:00
Aliaksandr Valialkin
3848ea3a4a
app/vmauth: print brief usage info for vmauth -help
2020-06-05 10:40:11 +03:00
Aliaksandr Valialkin
2784015a4d
all: print --help
output to stdout instead of stderr
...
This is easier to grep and pipe
2020-05-16 12:03:06 +03:00
Aliaksandr Valialkin
2b403d3f42
app/vmauth: prevent from attacks with ..
in path for accessing resources outside the configured url_prefix
2020-05-07 12:55:04 +03:00
Aliaksandr Valialkin
782fb30cd0
app/vmauth: build fixes
2020-05-05 11:03:25 +03:00
Aliaksandr Valialkin
de31d16154
app/vmauth: add initial version of vmauth. See https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmauth/README.md for details
2020-05-05 10:56:20 +03:00