Make it possible to configure httpc TLS and timeout options

rabbitmq / rabbitmq-server

Open source RabbitMQ: core server and tier 1 (built-in) plugins

https://www.rabbitmq.com/

Other

12.3k stars 3.91k forks source link

Make it possible to configure httpc TLS and timeout options #2525

Open lukebakken opened 5 years ago

lukebakken commented 5 years ago

Originally reported here: rabbitmq/rabbitmq-peer-discovery-consul#14

The httpc module's request method takes a HTTPOptions parameter, which can be used to pass TLS options. Currently we don't pass any options to client requests, and httpc does not pick up any ssl application settings (that I can see).

Also see https://bugs.erlang.org/browse/ERL-922

Blocks rabbitmq/rabbitmq-peer-discovery-common#6 and rabbitmq/rabbitmq-website#567

Timeout

Reported in rabbitmq/rabbitmq-peer-discovery-consul#30

There is no way to specify an httpc request timeout beyond 2250ms. Note that adding this ability requires that associated gen_server timeouts must also be increased, as per rabbitmq/rabbitmq-peer-discovery-aws#25

lukebakken commented 5 years ago

With regard to ERL-922, we won't need to add the Connection: close header as we want connections to remain open if possible. We just need to pass ssl options via the HTTPOptions parameter.

adragoset commented 4 years ago

This is pretty important. I cant use the consul peer discovery backend at all right now since it will not pickup any ssl settings and my cluster is secured. I ended up reading through all the code and realizing none of the ssl settings get used by httpc and they do not get picked up from the advanced config as all the other issues about this stated, then found this ticket.

lukebakken commented 4 years ago

I ended up reading through all the code and realizing none of the ssl settings get used by httpc and they do not get picked up from the advanced config

We will try to find time to implement a fix. If you require it urgenly, I suggest submitting a pull request with the fix or paying for the feature - https://www.rabbitmq.com/#support

adragoset commented 4 years ago

Thanks for the reply i can wait for a fix too come through the normal means. In the meantime i am going to attempt to use consul template to render a dynamic config and strap a rabbitmq cluster together through config files which is the other way to approach this if you are using consul. Hopefully others will find this issue until the fix gets implemented.

On Sun, Oct 25, 2020 at 10:06 AM Luke Bakken notifications@github.com wrote:

I ended up reading through all the code and realizing none of the ssl settings get used by httpc and they do not get picked up from the advanced config

We will try to find time to implement a fix. If you require it urgenly, I suggest submitting a pull request with the fix or paying for the feature - https://www.rabbitmq.com/#support

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/rabbitmq/rabbitmq-peer-discovery-common/issues/9#issuecomment-716162936, or unsubscribe https://github.com/notifications/unsubscribe-auth/AANN5DT2HYVGVATVPQ2GKSTSMQ5HXANCNFSM4HIGBYNQ .

-- Alexander Dragoset Software Engineer

michaelklishin commented 4 years ago

@adragoset if this is pretty important, consider contributing it. This is open source software after all. Asking others to fix it for you is not the open source way.