To avoid running into an issue in the race unit test with the Prometheus
histogram metrics that aren't concurrency safe, we don't register any of
them if Prometheus isn't enabled in the first place.
This shouldn't be an issue in production, since we don't start multiple
instances of Aperture _within the same process_ at the same time.

Set the ping and pong intervals of the websocket proxy to zero in order
to disable them. This is needed since a browser client is unable to
respond to these pings.

We want aperture to handle some of the incoming requests on its own,
without forwarding/proxying them to a remote backend. Those "local"
services can register themselves and will be given every request for
inspection. If a service decides to handle it locally, the request is
passed to that service and not forwarded.

To make it easier to use aperture in a setup where we only need its
proxy functionality but not its LSAT capabilities, we add the option to
disable the authenticator. This makes it possible to run aperture
without needing to connect it to an lnd node.

We refactor the main Aperture service code into a struct that can be
started and stopped. This allows aperture to be used more easily as a library in
other projects.

We update the compile time dependency of lnd to version 0.13.0-beta to
make it easier to run aperture in the same process as other projects
which also updated.
The runtime dependency is still kept at v0.12.0-beta as we don't use any
new RPCs.

To make sure we can capture errors in the challenger's invoice
subscription, we hand the main error channel to the challenger so it can
report back errors on it.

In this commit, we modify our cipher suites and required TLS versions to
allow anything greater than TLS 1.1. TLS 1.0 (sslv3) is broken so we
require versions that're safely above that. Without this change, widely
used clients such as `openssl` will fail to connect out to an Aperture
proxy.

In case we use an externally provided certificate (which is created by
an external Let's Encrypt process for example), we don't want to try to
renew it. We identify our own certificates by the organization field we
set.
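
The renewal rule in the last commit message can be sketched as follows. This is an added example, not Aperture's own code: `ownOrg`, `shouldRenew` and `selfSigned` are hypothetical names, the organization string is a placeholder, and the sample certificates are constructed in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ownOrg: placeholder organization for self-generated certs (assumed value).
const ownOrg = "example autogenerated cert"

// shouldRenew returns true only for a self-generated certificate (one that
// carries ownOrg) expiring within renewBefore; external ones are left alone.
func shouldRenew(certPEM []byte, now time.Time, renewBefore time.Duration) (bool, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, fmt.Errorf("no PEM certificate found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	for _, org := range cert.Subject.Organization {
		if org == ownOrg {
			return now.Add(renewBefore).After(cert.NotAfter), nil
		}
	}
	return false, nil // externally provided: its issuer handles renewal
}

// selfSigned builds a constructed sample certificate for the demo.
func selfSigned(org string, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: notAfter,
		NotBefore: notAfter.Add(-24 * time.Hour), Subject: pkix.Name{Organization: []string{org}}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	fmt.Println(shouldRenew(selfSigned(ownOrg, now.Add(time.Hour)), now, 24*time.Hour))
	fmt.Println(shouldRenew(selfSigned("Example External CA", now.Add(time.Hour)), now, 24*time.Hour))
}
```

The organization field is only a marker for "we generated this"; it is not an authenticity check, so anyone who can replace the certificate file can also set that field.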