feat(https): add config option for skipping cert verification

config/ntopng-exporter.yaml

@@ -1,5 +1,6 @@
 ntopng:
   endpoint: "http://127.0.0.1:3000"
+  allowUnsafeTLS: false # set to true to accept self-signed or otherwise unverifiable certs from ntopng (default: false)
   user: admin
   password: admin
   authMethod: cookie # cookie, basic, or none are accepted values
@@ -20,4 +21,4 @@ metric:
   excludeDNSMetrics: false # set to true, if you don't care about DNS metrics (also reduces number of metrics) (default: false)
   serve:
     ip: 0.0.0.0 # IP to serve metrics on, 0.0.0.0 is all interfaces (default: 0.0.0.0)
-    port: 3001 # port to serve metrics on (default: 3001)
+    port: 3001 # port to serve metrics on (default: 3001)

internal/config/config.go

@@ -30,6 +30,7 @@ type ntopng struct {
 	AuthMethod     string
 	ScrapeInterval string
 	ScrapeTargets  []string
+	AllowUnsafeTLS bool
 }
 
 type host struct {
@@ -73,6 +74,7 @@ func ParseConfig() (Config, error) {
 	viper.SetDefault("ntopng.metric.serve.ip", "0.0.0.0")
 	viper.SetDefault("ntopng.metric.serve.port", 3001)
 	viper.SetDefault("ntopng.scrapeTargets", "all")
+	viper.SetDefault("ntopng.allowUnsafeTLS", false)
 
 	// Unmarshal config into struct
 	err = viper.Unmarshal(&config)
@@ -138,8 +140,8 @@ func (c Config) String() string {
 }
 
 func (n ntopng) String() string {
-	return fmt.Sprintf("\t%s: '%s'/'%s' - %s\n\tScrape Interval: %s\n\tScrape Targets: %s",
-		n.EndPoint, n.User, n.Password, n.AuthMethod, n.ScrapeInterval, n.ScrapeTargets)
+	return fmt.Sprintf("\t%s: '%s'/'%s' - %s - Allow Unsafe TLS? %t\n\tScrape Interval: %s\n\tScrape Targets: %s",
+		n.EndPoint, n.User, n.Password, n.AuthMethod, n.AllowUnsafeTLS, n.ScrapeInterval, n.ScrapeTargets)
 }
 
 func (h host) String() string {

internal/ntopng/controller.go

@@ -2,6 +2,7 @@ package ntopng
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"github.com/aauren/ntopng-exporter/internal"
@@ -75,7 +76,7 @@ func (c *Controller) CacheInterfaceIds() error {
 	}
 	c.setCommonOptions(req, false)
 
-	body, status, err := getHttpResponseBody(req)
+	body, status, err := getHttpResponseBody(getHttpClient(c.config.Ntopng.AllowUnsafeTLS), req)
 	if status != http.StatusOK {
 		if body != nil {
 			return fmt.Errorf("request to interface endpoint was not successful. Status: '%d', Response: '%v'",
@@ -135,7 +136,7 @@ func (c *Controller) scrapeHostEndpoint(interfaceId int, tempNtopHosts map[strin
 	}
 	c.setCommonOptions(req, true)
 
-	body, status, err := getHttpResponseBody(req)
+	body, status, err := getHttpResponseBody(getHttpClient(c.config.Ntopng.AllowUnsafeTLS), req)
 	if status != http.StatusOK {
 		if body != nil {
 			return fmt.Errorf("request to host endpoint was not successful. Status: '%d', Response: '%v'",
@@ -214,7 +215,7 @@ func (c *Controller) scrapeInterfaceEndpoint(interfaceId int, tempInterfaces map
 	}
 	c.setCommonOptions(req, false)
 
-	body, status, err := getHttpResponseBody(req)
+	body, status, err := getHttpResponseBody(getHttpClient(c.config.Ntopng.AllowUnsafeTLS), req)
 	if status != http.StatusOK {
 		if body != nil {
 			return fmt.Errorf("request to interface data endpoint was not successful. Status: '%d', Response: '%v'",
@@ -254,3 +255,11 @@ func (c *Controller) setCommonOptions(req *http.Request, isJsonRequest bool) {
 		req.SetBasicAuth(c.config.Ntopng.User, c.config.Ntopng.Password)
 	}
 }
+
+func getHttpClient(allowInsecure bool) *http.Client {
+	customTransport := http.DefaultTransport.(*http.Transport).Clone()
+	if allowInsecure {
+		customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+	return &http.Client{Transport: customTransport}
+}

internal/ntopng/utils.go

@@ -8,9 +8,8 @@ import (
 	"strconv"
 )
 
-func getHttpResponseBody(req *http.Request) (*[]byte, int, error) {
+func getHttpResponseBody(client *http.Client, req *http.Request) (*[]byte, int, error) {
 	var body []byte
-	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
 		return &body, 0, err