Add TLS support for Syslog TCP Server (openobserve#6956)

Features:
- Setup TLS server using tcp as the transport
- API endpoint for certificate download: `GET /api/syslog-tcp-server-ca-cert`, `GET /api/syslog-tcp-server-cert`

The corresponding documentation updates are listed in this PR: openobserve/openobserve-docs#67

Issue addressed: openobserve#6956

Author: technusm1

Cargo.lock

@@ -188,12 +188,14 @@ actix-service = "2.0.3"
 actix-utils = "3.0.1"
 derive_more = { version = "2.0.1", features = ["full"] }
 brotli = "8.0.1"
+tokio-rustls = "0.26.1"
 
 [dev-dependencies]
 async-walkdir.workspace = true
 expect-test.workspace = true
 base64 = "0.22"
 float-cmp = "0.10"
+rcgen = "0.13"
 
 [workspace]
 members = [
@@ -339,6 +341,7 @@ tempfile = "3"
 thiserror = "1.0"
 time = "0.3"
 tokio = { version = "1", features = ["full"] }
+tokio-rustls = "0.26"
 tokio-util = { version = "0.7.12", features = ["compat"] }
 tokio-stream = "0.1"
 tonic = { version = "0.12.3", features = ["gzip", "prost", "tls"] }

Cargo.toml

@@ -29,7 +29,7 @@ _cov_test() {
     cargo llvm-cov test \
         --workspace \
         --verbose \
-        --ignore-filename-regex job \
+        --ignore-filename-regex 'job|.*generated.*' \
         "$@"
 }
 

coverage.sh

@@ -3268,6 +3268,7 @@ mod tests {
                 file_download_priority_queue_window_secs: Default::default(),
                 file_download_enable_priority_queue: Default::default(),
                 histogram_enabled: Default::default(),
+                calculate_stats_step_limit: Default::default(),
             },
             compact: config::Compact {
                 enabled: bool::default(),

src/common/utils/auth_tests.rs

@@ -59,6 +59,7 @@ impl RedirectResponse {
                 .append_header((LOCATION, redirect_uri))
                 .finish()
         } else {
+            // if the URL is too long, we send the original URL and let FE handle the redirect.
             let html = format!(
                 r#"
                 <!DOCTYPE html>

src/common/utils/redirect_response.rs

@@ -76,6 +76,7 @@ tracing-subscriber.workspace = true
 urlencoding.workspace = true
 utoipa.workspace = true
 vrl.workspace = true
+rustls = "0.23.20"
 
 [dev-dependencies]
 expect-test.workspace = true

src/config/Cargo.toml

@@ -659,6 +659,14 @@ pub struct TCP {
     pub tcp_port: u16,
     #[env_config(name = "ZO_UDP_PORT", default = 5514)]
     pub udp_port: u16,
+    #[env_config(name = "ZO_TCP_TLS_ENABLED", default = false)]
+    pub tcp_tls_enabled: bool,
+    #[env_config(name = "ZO_TCP_TLS_CERT_PATH", default = "")]
+    pub tcp_tls_cert_path: String,
+    #[env_config(name = "ZO_TCP_TLS_KEY_PATH", default = "")]
+    pub tcp_tls_key_path: String,
+    #[env_config(name = "ZO_TCP_TLS_CA_CERT_PATH", default = "")]
+    pub tcp_tls_ca_cert_path: String,
 }
 
 #[derive(EnvConfig)]