get better profileo on worker process

Signed-off-by: Ava Hahn <a.hahn@f5.com>
2025-10-06 16:19:20 +00:00 · 2025-10-06 16:19:20 +00:00 · 4acd439e8a
commit 4acd439e8a
parent 78baa850a8
6 changed files with 372 additions and 29 deletions
--- a/keepalive-svc.go
+++ b/keepalive-svc.go
@ -1,32 +1,95 @@
 package main

+
 import (
-	"fmt"
-  "net"
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"math/big"
+	"net"
 	"net/http"
+	"os"
 	"time"
+	"fmt"
 )

+func generateSelfSignedCert(host string) (tls.Certificate, error) {
+	cert := &x509.Certificate{
+		SerialNumber:          big.NewInt(0),
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature,
+		BasicConstraintsValid: true,
+	}
+
+	cert.DNSNames = []string{host}
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	certBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &certPrivKey.PublicKey, certPrivKey)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	certPEM := new(bytes.Buffer)
+	pem.Encode(certPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+	certPrivKeyPEM := new(bytes.Buffer)
+	pem.Encode(certPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
+	})
+	serverCert, err := tls.X509KeyPair(certPEM.Bytes(), certPrivKeyPEM.Bytes())
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	return serverCert, err
+}
+
 type myHandler struct{
 	nreq int
 }

 func (h myHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-  fmt.Printf("accepted request number %d", h.nreq)
+	fmt.Printf("accepted request number %d", h.nreq)
 	fmt.Fprintf(w, "request number: %d", h.nreq)
 }

 func main() {
+	hostname, err := os.Hostname()
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	cert, err := generateSelfSignedCert(hostname)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	tlsConfig := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		ClientAuth: tls.RequireAnyClientCert,
+	}
+
 	srv := &http.Server{
 		Addr:         ":8080",
 		Handler:      myHandler{nreq: 0},
-		ReadTimeout:  5 * time.Second,
-		WriteTimeout: 10 * time.Second,
-		IdleTimeout:  300 * time.Second,
-    ConnState: func(conn net.Conn, event http.ConnState) {
-      fmt.Printf("addr: %s, changed state to: %s", conn.RemoteAddr(), event.String())
-    },
+		ReadTimeout:  5 * time.Minute,
+		WriteTimeout: 5 * time.Minute,
+		IdleTimeout:  5 * time.Minute,
+		ConnState: func(conn net.Conn, event http.ConnState) {
+			fmt.Printf("addr: %s, changed state to: %s", conn.RemoteAddr(), event.String())
+		},
+		TLSConfig: tlsConfig,
 	}

-	srv.ListenAndServe()
+	srv.ListenAndServeTLS("", "")
 }