added secure connection option (#48)

apache · Apr 13, 2021 · 7a5c054 · 7a5c054
1 parent 8f19bea
commit 7a5c054
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ Environment Variable | Description | Default
 | `SW_AGENT_NAME` | The name of the service | `your-nodejs-service` |
 | `SW_AGENT_INSTANCE` | The name of the service instance | Randomly generated |
 | `SW_AGENT_COLLECTOR_BACKEND_SERVICES` | The backend OAP server address | `127.0.0.1:11800` |
+| `SW_AGENT_SECURE` | Whether to use secure connection to backend OAP server | `false` |
 | `SW_AGENT_AUTHENTICATION` | The authentication token to verify that the agent is trusted by the backend OAP, as for how to configure the backend, refer to [the yaml](https://github.com/apache/skywalking/blob/4f0f39ffccdc9b41049903cc540b8904f7c9728e/oap-server/server-bootstrap/src/main/resources/application.yml#L155-L158). | not set |
 | `SW_AGENT_LOGGING_LEVEL` | The logging level, could be one of `error`, `warn`, `info`, `debug` | `info` |
 | `SW_AGENT_DISABLE_PLUGINS` | Comma-delimited list of plugins to disable in the plugins directory (e.g. "mysql", "express"). | `` |

diff --git a/src/agent/protocol/grpc/clients/HeartbeatClient.ts b/src/agent/protocol/grpc/clients/HeartbeatClient.ts
@@ -37,9 +37,11 @@ export default class HeartbeatClient implements Client {
   private heartbeatTimer?: NodeJS.Timeout;
 
   constructor() {
-    this.managementServiceClient = new ManagementServiceClient(config.collectorAddress, grpc.credentials.createInsecure(), {
-      interceptors: [AuthInterceptor],
-    });
+    this.managementServiceClient = new ManagementServiceClient(
+      config.collectorAddress,
+      config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure(),
+      { interceptors: [AuthInterceptor] },
+    );
   }
 
   get isConnected(): boolean {

diff --git a/src/agent/protocol/grpc/clients/TraceReportClient.ts b/src/agent/protocol/grpc/clients/TraceReportClient.ts
@@ -40,7 +40,7 @@ export default class TraceReportClient implements Client {
     this.buffer = new Buffer();
     this.reporterClient = new TraceSegmentReportServiceClient(
       config.collectorAddress,
-      grpc.credentials.createInsecure(),
+      config.secure ? grpc.credentials.createSsl() : grpc.credentials.createInsecure(),
       { interceptors: [AuthInterceptor] },
     );
     emitter.on('segment-finished', (segment) => {

diff --git a/src/config/AgentConfig.ts b/src/config/AgentConfig.ts
@@ -23,6 +23,7 @@ export type AgentConfig = {
   serviceName?: string;
   serviceInstance?: string;
   collectorAddress?: string;
+  secure?: boolean;
   authorization?: string;
   maxBufferSize?: number;
   disablePlugins?: string;
@@ -62,6 +63,7 @@ export default {
       return os.hostname();
     })(),
   collectorAddress: process.env.SW_AGENT_COLLECTOR_BACKEND_SERVICES || '127.0.0.1:11800',
+  secure: process.env.SW_AGENT_SECURE?.toLocaleLowerCase() === 'true',
   authorization: process.env.SW_AGENT_AUTHENTICATION,
   maxBufferSize: Number.isSafeInteger(process.env.SW_AGENT_MAX_BUFFER_SIZE) ?
     Number.parseInt(process.env.SW_AGENT_MAX_BUFFER_SIZE as string, 10) : 1000,