
Allow replacing line breaks with \n in OTel keys and certs

DarthSim 2 years ago
parent
commit
68e758d811
4 changed files with 15 additions and 9 deletions
  1. 1 0
      CHANGELOG.md
  2. 3 3
      docs/configuration.md
  3. 3 3
      docs/open_telemetry.md
  4. 8 3
      metrics/otel/otel.go

+ 1 - 0
CHANGELOG.md

@@ -9,6 +9,7 @@
 - Change `IMGPROXY_AVIF_SPEED` default value to `8`.
 - Change `IMGPROXY_PREFERRED_FORMATS` default value to `jpeg,png,gif`.
 - Set `Cache-Control: no-cache` header to the health check responses.
+- Allow replacing line breaks with `\n` in `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`, `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`, and`IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`.
 
 ## [3.11.0] - 2022-11-17
 ### Add

+ 3 - 3
docs/configuration.md

@@ -406,9 +406,9 @@ imgproxy can send request traces to an OpenTelemetry collector:
 * `IMGPROXY_OPEN_TELEMETRY_PROTOCOL`: OpenTelemetry collector protocol. Supported protocols are `grpc`, `https`, and `http`. Default: `grpc`
 * `IMGPROXY_OPEN_TELEMETRY_SERVICE_NAME`: OpenTelemetry service name. Default: `imgproxy`
 * `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS`: when `true`, imgproxy will send metrics over OpenTelemetry Metrics API. Default: `false`
-* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
-* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
-* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded (you can replace line breaks with `\n`). Default: blank
 * `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE`: when `true`, imgproxy will use an insecure GRPC connection unless the collector TLS certificate is not provided. Default: `true`
 * `IMGPROXY_OPEN_TELEMETRY_PROPAGATORS`: a list of OpenTelemetry text map propagators, comma divided. Supported propagators are `tracecontext`, `baggage`, `b3`, `b3multi`, `jaeger`, `xray`, and `ottrace`. Default: blank
 * `IMGPROXY_OPEN_TELEMETRY_TRACE_ID_GENERATOR`: OpenTelemetry trace ID generator. Supported generators are `xray` and `random`. Default: `xray`

+ 3 - 3
docs/open_telemetry.md

@@ -42,9 +42,9 @@ If `IMGPROXY_OPEN_TELEMETRY_ENABLE_METRICS` is set to `true`, imgproxy will also
 
 If your OpenTelemetry collector is secured with TLS, you may need to specify the collector's certificate on the imgproxy side:
 
-* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded. Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`: OpenTelemetry collector TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
 
 If your collector uses mTLS for mutual authentication, you'll also need to specify the client's certificate/key pair:
 
-* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded. Default: blank
-* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded. Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`: OpenTelemetry client TLS certificate, PEM-encoded (you can replace line breaks with `\n`). Default: blank
+* `IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`: OpenTelemetry client TLS key, PEM-encoded (you can replace line breaks with `\n`). Default: blank

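--- a/metrics/otel/otel.go
+++ b/metrics/otel/otel.go
@@ -6,6 +6,7 @@ import (
 	"crypto/x509"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/felixge/httpsnoop"
@@ -280,7 +281,7 @@ func buildTLSConfig() (*tls.Config, error) {
 	}
 
 	certPool := x509.NewCertPool()
-	if !certPool.AppendCertsFromPEM([]byte(config.OpenTelemetryServerCert)) {
+	if !certPool.AppendCertsFromPEM(prepareKeyCert(config.OpenTelemetryServerCert)) {
 		return nil, fmt.Errorf("Can't load OpenTelemetry server cert")
 	}
 
@@ -288,8 +289,8 @@ func buildTLSConfig() (*tls.Config, error) {
 
 	if len(config.OpenTelemetryClientCert) > 0 && len(config.OpenTelemetryClientKey) > 0 {
 		cert, err := tls.X509KeyPair(
-			[]byte(config.OpenTelemetryClientCert),
-			[]byte(config.OpenTelemetryClientKey),
+			prepareKeyCert(config.OpenTelemetryClientCert),
+			prepareKeyCert(config.OpenTelemetryClientKey),
 		)
 		if err != nil {
 			return nil, fmt.Errorf("Can't load OpenTelemetry client cert/key pair: %s", err)
@@ -301,6 +302,10 @@ func buildTLSConfig() (*tls.Config, error) {
 	return &tlsConf, nil
 }
 
+func prepareKeyCert(str string) []byte {
+	return []byte(strings.ReplaceAll(str, `\n`, "\n"))
+}
+
 func Stop() {
 	if enabled {
 		trctx, trcancel := context.WithTimeout(context.Background(), 5*time.Second)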
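Review bot: `prepareKeyCert` is added without a doc comment, and because it now sits on the path that feeds the collector CA and the client private key into the TLS config its contract should be stated explicitly — suggest `// prepareKeyCert turns the literal two-character sequence \n into a newline so PEM certs and keys can be supplied as single-line env vars; PEM boundaries and base64 bodies never contain a backslash, so valid input is never altered.` That backslash observation is what makes the blanket ReplaceAll safe, so it is worth recording rather than leaving the next reader to re-derive it. Separately, the unchanged guard `if len(config.OpenTelemetryClientCert) > 0 && len(config.OpenTelemetryClientKey) > 0` silently skips mTLS when only one of the pair is set, so a typo in one variable name degrades to a client that presents no certificate and is presumably rejected by the collector at runtime instead of failing at startup; returning an error for the half-configured case would be safer, though that line predates this commit. buildTLSConfig begins before the first hunk.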