diff --git a/http_proxy.go b/http_proxy.go
index eb06d9a5..621a6a22 100644
--- a/http_proxy.go
+++ b/http_proxy.go
@@ -78,9 +78,19 @@ import (
 const (
 timeoutToDialOriginSite = 10 * time.Second
- teleportHost = "telemetry.iantem.io:443"
+ defaultTeleportHost = "telemetry.iantem.io:443"
 )
+// getTelemetryEndpoint returns the OTEL endpoint to use for telemetry.
+// It checks the OTEL_EXPORTER_OTLP_ENDPOINT environment variable first,
+// falling back to the default if not set.
+func getTelemetryEndpoint() string {
+ if endpoint := os.Getenv("OTEL_EXPORTER_OTLP_ENDPOINT"); endpoint != "" {
+ return endpoint
+ }
+ return defaultTeleportHost
+}
+
 var (
 log = golog.LoggerFor("lantern-proxy")
@@ -594,7 +604,7 @@ func (p *Proxy) createFilterChain(bl *blacklist.Blacklist) (filters.Chain, proxy
 func (p *Proxy) configureTeleportProxiedBytes() func() {
 log.Debug("Configuring Teleport proxied bytes")
- tp, stop := otel.BuildTracerProvider(p.buildOTELOpts(teleportHost, true))
+ tp, stop := otel.BuildTracerProvider(p.buildOTELOpts(getTelemetryEndpoint(), true))
 if tp != nil {
 go p.instrument.ReportProxiedBytesPeriodically(1*time.Hour, tp)
 ogStop := stop
@@ -609,7 +619,7 @@ func (p *Proxy) configureTeleportProxiedBytes() func() {
 func (p *Proxy) configureTeleportOriginBytes() func() {
 log.Debug("Configuring Teleport origin bytes")
 // Note - we do not include the proxy name here to avoid associating origin site usage with devices on that proxy name
- tp, stop := otel.BuildTracerProvider(p.buildOTELOpts(teleportHost, false))
+ tp, stop := otel.BuildTracerProvider(p.buildOTELOpts(getTelemetryEndpoint(), false))
 if tp != nil {
 go p.instrument.ReportOriginBytesPeriodically(1*time.Hour, tp)
 ogStop := stop
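Review bot: `getTelemetryEndpoint` in the first hunk returns the raw value of `OTEL_EXPORTER_OTLP_ENDPOINT` without validating it, and the three call sites changed in the later hunks of this file hand it to `buildOTELOpts`, presumably as `opts.Endpoint`. The OpenTelemetry specification defines that variable as a full URL with an `http` or `https` scheme, while `WithEndpoint` in otel/otel.go takes a bare `host:port`, so a spec-conformant value would reach the exporter in the wrong form. Either document in the function comment that this deployment expects `host:port`, or parse the value and fall back to `defaultTeleportHost` when it is not in that form. Because the process environment now decides where telemetry and `opts.Headers` are sent, the resolved endpoint should also be logged once at startup. The import block is outside this hunk, so whether `os` is already imported cannot be confirmed from here.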
@@ -624,7 +634,7 @@ func (p *Proxy) configureTeleportOriginBytes() func() {
 func (p *Proxy) configureOTELMetrics() (func(), error) {
 return otel.InitGlobalMeterProvider(
 p.buildOTELOpts(
- teleportHost,
+ getTelemetryEndpoint(),
 false, // don't include proxy name in order to reduce DataDog costs
 ))
 }
diff --git a/otel/otel.go b/otel/otel.go
index 93524259..2157ac09 100644
--- a/otel/otel.go
+++ b/otel/otel.go
@@ -2,6 +2,7 @@ package otel
 import (
 "context"
+ "strings"
 "time"
 sdkotel "go.opentelemetry.io/otel"
@@ -88,10 +89,18 @@ func (opts *Opts) buildResource() *resource.Resource {
 func BuildTracerProvider(opts *Opts) (*sdktrace.TracerProvider, func()) {
 // Create HTTP client to talk to OTEL collector
- client := otlptracehttp.NewClient(
+ clientOpts := []otlptracehttp.Option{
 otlptracehttp.WithEndpoint(opts.Endpoint),
 otlptracehttp.WithHeaders(opts.Headers),
- )
+ }
+
+ // If endpoint doesn't use port 443, assume insecure (HTTP not HTTPS)
+ if !strings.Contains(opts.Endpoint, ":443") {
+ log.Debugf("Using insecure connection for OTEL endpoint %v", opts.Endpoint)
+ clientOpts = append(clientOpts, otlptracehttp.WithInsecure())
+ }
+
+ client := otlptracehttp.NewClient(clientOpts...)
 // Create an exporter that exports to the OTEL collector
 exporter, err := otlptrace.New(context.Background(), client)
@@ -127,7 +136,7 @@ func BuildTracerProvider(opts *Opts) (*sdktrace.TracerProvider, func()) {
 }
 func InitGlobalMeterProvider(opts *Opts) (func(), error) {
- exp, err := otlpmetrichttp.New(context.Background(),
+ metricOpts := []otlpmetrichttp.Option{
 otlpmetrichttp.WithEndpoint(opts.Endpoint),
 otlpmetrichttp.WithHeaders(opts.Headers),
 otlpmetrichttp.WithTemporalitySelector(func(kind sdkmetric.InstrumentKind) metricdata.Temporality {
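Review bot: The `!strings.Contains(opts.Endpoint, ":443")` test in `BuildTracerProvider` turns TLS off for every endpoint that lacks that substring, so a collector on any other port is contacted over plain HTTP and whatever `opts.Headers` carries goes out unencrypted. The same check is repeated in `InitGlobalMeterProvider` in the last hunk of this file. The substring match is also imprecise: `host:4430` is treated as TLS, while a TLS collector on `:4318` is silently downgraded, and the only trace is a debug-level log line. Since the endpoint can now come from the environment, plaintext should be an explicit opt-in rather than inferred from the port, for example a new `Insecure bool` on `Opts` (the field name is a suggestion; `Opts` is declared outside the hunk) guarded by `if opts.Insecure { clientOpts = append(clientOpts, otlptracehttp.WithInsecure()) }`. The function body continues outside the hunk.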
@@ -142,7 +151,15 @@ func InitGlobalMeterProvider(opts *Opts) (func(), error) {
 return metricdata.CumulativeTemporality
 }
 }),
- )
+ }
+
+ // If endpoint doesn't use port 443, assume insecure (HTTP not HTTPS)
+ if !strings.Contains(opts.Endpoint, ":443") {
+ log.Debugf("Using insecure connection for OTEL metrics endpoint %v", opts.Endpoint)
+ metricOpts = append(metricOpts, otlpmetrichttp.WithInsecure())
+ }
+
+ exp, err := otlpmetrichttp.New(context.Background(), metricOpts...)
 if err != nil {
 return nil, err
 }
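Review bot: This block in `InitGlobalMeterProvider` is a second hand-written copy of the transport decision already made in `BuildTracerProvider`, so the trace and metric exporters can drift apart if only one copy is corrected later. A single unexported helper called from both places, for example `func useInsecure(endpoint string) bool`, would keep both exporters on the same transport. Its doc comment is also the natural place to state when plaintext is permitted. The enclosing function starts outside the hunk.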