No support for SSL certificates

corentinaltepe / nlog.loki

NLog target for Loki using an HTTP client

BSD 3-Clause "New" or "Revised" License

22 stars 7 forks source link

No support for SSL certificates #76

Open WildMattock opened 1 year ago

WildMattock commented 1 year ago

Connecting to Loki that is installed in a local version of Kubernetes it is not possible to define the attributes to use the certificate in the connection.

corentinaltepe commented 1 year ago

Hi, what sort of configuration would you need to specify?

NLog.Loki uses HttpClient. Would the following config work for you (extract from this SO post)?

var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2("cert.crt"));
var client = new HttpClient(handler);

Would specifying the TSL version and the certificate file path be sufficient? Anything else?

WildMattock commented 1 year ago

Hi, thanks for the reply. I think few things more are needed:

Self signed certificates validation handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; This is used to ignore validation for the self signed certificates (used for local environments and/or test environments).
Support for .net core Not only "HttpClientHandler" must be updated but also "SocketsHttpHandler" and "WebRequestHandler".

Thank you.

lmalmeida commented 4 months ago

One vote more for this one.

We use an internal CA for our certificates, and plan is to use nlog.loki from Azure Webapp. It is not trivial to cheaply add certificates to trusted cert store, so options are to disable certificate validation or have a custom validation callback. Plan would be to have authentication, over a secure channel, on calls to loki.