Bump github.com/docker/docker in the prod-patch-updates group

Bumps the prod-patch-updates group with 1 update: [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/docker` from 28.5.1+incompatible to 28.5.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.5.1...v28.5.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-version: 28.5.2+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #185 from water-sucks/add-tls-server-name-to-healthchecks
2025-12-05 19:17:38 -06:00 · 2025-12-05 09:16:49 +00:00 · 2025-12-04 14:41:16 -05:00 · 2025-12-04 14:27:04 -05:00 · 2025-12-04 10:23:20 -05:00 · 2025-12-03 23:36:33 -05:00
5 changed files with 53 additions and 37 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -2,16 +2,16 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1756217674,
-        "narHash": "sha256-TH1SfSP523QI7kcPiNtMAEuwZR3Jdz0MCDXPs7TS8uo=",
+        "lastModified": 1763934636,
+        "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4e7667a90c167f7a81d906e5a75cba4ad8bee620",
+        "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
  description = "newt - A tunneling client for Pangolin";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  };

  outputs =
@@ -22,30 +22,36 @@
        system:
        let
          pkgs = pkgsFor system;
+          inherit (pkgs) lib;

          # Update version when releasing
-          version = "1.4.2";
-
-          # Update the version in a new source tree
-          srcWithReplacedVersion = pkgs.runCommand "newt-src-with-version" { } ''
-            cp -r ${./.} $out
-            chmod -R +w $out
-            rm -rf $out/.git $out/result $out/.envrc $out/.direnv
-            sed -i "s/version_replaceme/${version}/g" $out/main.go
-          '';
+          version = "1.6.0";
        in
        {
          default = self.packages.${system}.pangolin-newt;
+
          pangolin-newt = pkgs.buildGoModule {
            pname = "pangolin-newt";
-            version = version;
-            src = srcWithReplacedVersion;
-            vendorHash = "sha256-PENsCO2yFxLVZNPgx2OP+gWVNfjJAfXkwWS7tzlm490=";
-            meta = with pkgs.lib; {
+            inherit version;
+            src = pkgs.nix-gitignore.gitignoreSource [ ] ./.;
+
+            vendorHash = "sha256-Jbu0pz+okV4N9MHUXLcTqSr3s/k5OVZ09hNuS/+4LFY=";
+
+            env = {
+              CGO_ENABLED = 0;
+            };
+
+            ldflags = [
+              "-X main.newtVersion=${version}"
+            ];
+
+            meta = {
              description = "A tunneling client for Pangolin";
              homepage = "https://github.com/fosrl/newt";
-              license = licenses.gpl3;
-              maintainers = [ ];
+              license = lib.licenses.gpl3;
+              maintainers = [
+                lib.maintainers.water-sucks
+              ];
            };
          };
        }
@@ -54,10 +60,20 @@
        system:
        let
          pkgs = pkgsFor system;
+
+          inherit (pkgs)
+            go
+            gopls
+            gotools
+            go-outline
+            gopkgs
+            godef
+            golint
+            ;
        in
        {
          default = pkgs.mkShell {
-            buildInputs = with pkgs; [
+            buildInputs = [
              go
              gopls
              gotools
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/fosrl/newt
 go 1.25

 require (
-	github.com/docker/docker v28.5.1+incompatible
+	github.com/docker/docker v28.5.2+incompatible
 	github.com/google/gopacket v1.1.19
 	github.com/gorilla/websocket v1.5.3
 	github.com/prometheus/client_golang v1.23.2
--- a/go.sum
+++ b/go.sum
@@ -18,8 +18,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.5.1+incompatible h1:Bm8DchhSD2J6PsFzxC35TZo4TLGR2PdW/E69rU45NhM=
-github.com/docker/docker v28.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
+github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
--- a/healthcheck/healthcheck.go
+++ b/healthcheck/healthcheck.go
@@ -48,6 +48,7 @@ type Config struct {
 	Headers           map[string]string `json:"hcHeaders"`
 	Method            string            `json:"hcMethod"`
 	Status            int               `json:"hcStatus"` // HTTP status code
+	TLSServerName     string            `json:"hcTlsServerName"`
 }

 // Target represents a health check target with its current status
@@ -70,7 +71,6 @@ type Monitor struct {
 	targets     map[int]*Target
 	mutex       sync.RWMutex
 	callback    StatusChangeCallback
-	client      *http.Client
 	enforceCert bool
 }

@@ -78,21 +78,10 @@ type Monitor struct {
 func NewMonitor(callback StatusChangeCallback, enforceCert bool) *Monitor {
 	logger.Debug("Creating new health check monitor with certificate enforcement: %t", enforceCert)

-	// Configure TLS settings based on certificate enforcement
-	transport := &http.Transport{
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: !enforceCert,
-		},
-	}
-
 	return &Monitor{
 		targets:     make(map[int]*Target),
 		callback:    callback,
 		enforceCert: enforceCert,
-		client: &http.Client{
-			Timeout:   30 * time.Second,
-			Transport: transport,
-		},
 	}
 }

@@ -388,6 +377,17 @@ func (m *Monitor) performHealthCheck(target *Target) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(target.Config.Timeout)*time.Second)
 	defer cancel()

+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				// Configure TLS settings based on certificate enforcement
+				InsecureSkipVerify: !m.enforceCert,
+				// Use SNI TLS header if present
+				ServerName: target.Config.TLSServerName,
+			},
+		},
+	}
+
 	req, err := http.NewRequestWithContext(ctx, target.Config.Method, url, nil)
 	if err != nil {
 		target.Status = StatusUnhealthy
@@ -402,7 +402,7 @@ func (m *Monitor) performHealthCheck(target *Target) {
 	}

 	// Perform request
-	resp, err := m.client.Do(req)
+	resp, err := client.Do(req)
 	if err != nil {
 		target.Status = StatusUnhealthy
 		target.LastError = fmt.Sprintf("request failed: %v", err)
Author	SHA1	Message	Date
dependabot[bot]	3c86edf0d5	Bump github.com/docker/docker in the prod-patch-updates group Bumps the prod-patch-updates group with 1 update: [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/docker` from 28.5.1+incompatible to 28.5.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.5.1...v28.5.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-version: 28.5.2+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-05 09:16:49 +00:00
Owen Schwartz	ac691517ae	Merge pull request #185 from water-sucks/add-tls-server-name-to-healthchecks feat(healthcheck): add TLS SNI header to request when needed	2025-12-04 14:41:16 -05:00
Varun Narravula	8a45f6fd63	feat(healthcheck): add TLS SNI header to request when needed Add the Server Name Indication (SNI) field to healthcheck requests, if present in the target config. SNI handling is already present for proxying resources, but this has not been implemented for healthcheck requests yet until this commit. In order to facilitate this, this commit moves the client instantiation to when the healthcheck is performed, rather than as a part of the monitor init.	2025-12-04 14:27:04 -05:00
Owen Schwartz	7f650bbfdf	Merge pull request #184 from water-sucks/nix-fixes-this fix(nix): resolve issues and revamp the flake	2025-12-04 10:23:20 -05:00
Varun Narravula	15b40b0f24	chore(nix): sync to latest version number for newt package	2025-12-03 23:36:33 -05:00
Varun Narravula	e27e6fbce8	feat(nix): disable cgo for the newt package	2025-12-03 23:36:33 -05:00
Varun Narravula	f9fb13a0d7	chore(nix): add water-sucks to maintainers list	2025-12-03 23:36:33 -05:00
Varun Narravula	8db50d94c0	refactor(nix): remove with keyword antipattern	2025-12-03 23:36:33 -05:00
Varun Narravula	09568c1aaf	fix(nix): use correct hash for vendored deps	2025-12-03 23:36:26 -05:00
Varun Narravula	c7d656214f	fix(nix): replace version string sub with ldflags, use gitignore on src	2025-12-03 23:33:47 -05:00
Varun Narravula	d981a82b1c	chore(nix): use nixpkgs-unstable branch and update flake inputs	2025-12-03 23:33:47 -05:00