Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the option of enabling TLS for sending traces #12

Open
ldvc opened this issue Oct 13, 2023 · 5 comments
Open

Add the option of enabling TLS for sending traces #12

ldvc opened this issue Oct 13, 2023 · 5 comments
Assignees
@dplotnikov-f5

Comments

@ldvc
Copy link

ldvc commented Oct 13, 2023

Is your feature request related to a problem? Please describe

We would like to enforce TLS for sending our traces. But we are not able to do it for nginx traces as nginx-otel does not have any config option to enable it.

Describe the solution you'd like

Beeing able to specify:

  • that we want to send our traces over TLS
  • toggle an insecure mode in order to disable certificate verification

Describe alternatives you've considered

None.

Additional context

None.
@vladimirkokshenev
Copy link

vladimirkokshenev commented Nov 1, 2023
edited

We have this feature (and few other features) in our roadmap:

otel_exporter {
    ssl on | off;   # “off” by default
    trusted_certificate “path/to/ca/bundle“;
}

Trying to understand priorities for those. So, thank you for your interest in this module and for submitting a feature request.

@mk-raven
Copy link

I`m also interesting to use https for collector endpoint with tls option insecure_skip_verify
its very important for our stack,
How long needs to wait about this feature?

@p-pautov
Copy link
Contributor

p-pautov commented Feb 1, 2024

We are going to implement TLS export, but I'm not sure about 'insecure_skip_verify'. If you need such option, perhaps, you don't really need TLS. As a workaround for now you can try to use otelcol, which can accept HTTP and reexport via HTTPS.

@sahilganguly
Copy link

If I understand the problem correct, the way we've gotten around this is by doing the following:

  1. Create a new server block in nginx for the otel upstream
  2. Set up grpc_pass, grpc_ssl_certificate, and grpc_ssl_certificate_key in the block
  3. Point the otel_exporter block to localhost: for the server block created in step 1.
  4. We also set otel_trace off for this server block so we don't create spans for nginx sending a trace to the otel upstream.

Would that solve this use case?

@mk-raven
Copy link

mk-raven commented Apr 5, 2024

I`m also interesting to use https for collector endpoint with tls option insecure_skip_verify its very important for our stack, How long needs to wait about this feature?

I mean, need to skip certificate verification. Because, using self signed ssl and some time there are problems, with adding these everytime.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dplotnikov-f5 dplotnikov-f5

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@ldvc @sahilganguly @vladimirkokshenev @mk-raven @p-pautov @dplotnikov-f5