agent 增加 SSL/TLS 选项

2021-11-06 09:46:44 +08:00 · 2021-11-06 09:46:44 +08:00 · e28e7f4375
commit e28e7f4375
parent f63d8ba613
1 changed files with 11 additions and 1 deletions
--- a/cmd/agent/main.go
+++ b/cmd/agent/main.go
@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -18,6 +19,7 @@ import (
 	"github.com/p14yground/go-github-selfupdate/selfupdate"
 	flag "github.com/spf13/pflag"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"

 	"github.com/naiba/nezha/cmd/agent/monitor"
 	"github.com/naiba/nezha/cmd/agent/processgroup"
@ -38,6 +40,7 @@ type AgentConfig struct {
 	Server                string
 	ClientSecret          string
 	ReportDelay           int
+	TLS                   bool
 }

 var (
@ -80,6 +83,7 @@ func main() {
 	flag.BoolVar(&agentConf.DisableCommandExecute, "disable-command-execute", false, "禁止在此机器上执行命令")
 	flag.BoolVar(&agentConf.DisableAutoUpdate, "disable-auto-update", false, "禁用自动升级")
 	flag.BoolVar(&agentConf.DisableForceUpdate, "disable-force-update", false, "禁用强制升级")
+	flag.BoolVar(&agentConf.TLS, "tls", false, "启用SSL/TLS加密")
 	flag.Parse()

 	if agentConf.ClientSecret == "" {
@ -138,7 +142,13 @@ func run() {

 	for {
 		timeOutCtx, cancel := context.WithTimeout(context.Background(), networkTimeOut)
-		conn, err = grpc.DialContext(timeOutCtx, agentConf.Server, grpc.WithInsecure(), grpc.WithPerRPCCredentials(&auth))
+		var securityOption grpc.DialOption
+		if agentConf.TLS {
+			securityOption = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
+		} else {
+			securityOption = grpc.WithInsecure()
+		}
+		conn, err = grpc.DialContext(timeOutCtx, agentConf.Server, securityOption, grpc.WithPerRPCCredentials(&auth))
 		if err != nil {
 			println("与面板建立连接失败：", err)
 			cancel()