make insecure upstream servers configurable

This commit is contained in:
Willy Kloucek
2020-12-02 14:59:44 +01:00
parent 5be1970322
commit 200872b3b4
4 changed files with 23 additions and 0 deletions

View File

@@ -0,0 +1,8 @@
Change: Proxy allow insecure upstreams
Tags: proxy
We can now configure the proxy if insecure upstream servers are allowed.
This was added since you need to disable certificate checks fore some situations like testing.
https://github.com/owncloud/ocis/pull/1007

View File

@@ -106,6 +106,7 @@ type Config struct {
PreSignedURL PreSignedURL
AutoprovisionAccounts bool
EnableBasicAuth bool
Insecure bool
}
// OIDC is the config for the OpenID-Connect middleware. If set the proxy will try to authenticate every request

View File

@@ -185,6 +185,13 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
EnvVars: []string{"PROXY_REVA_GATEWAY_ADDR"},
Destination: &cfg.Reva.Address,
},
&cli.BoolFlag{
Name: "insecure",
Value: false,
Usage: "allow insecure communication to upstream servers",
EnvVars: []string{"PROXY_INSECURE"},
Destination: &cfg.Insecure,
},
// OIDC

View File

@@ -2,6 +2,7 @@ package proxy
import (
"context"
"crypto/tls"
"net/http"
"net/http/httputil"
"net/url"
@@ -37,6 +38,12 @@ func NewMultiHostReverseProxy(opts ...Option) *MultiHostReverseProxy {
}
rp.Director = rp.directorSelectionDirector
rp.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: options.Config.Insecure,
},
}
if options.Config.Policies == nil {
rp.logger.Info().Str("source", "runtime").Msg("Policies")
options.Config.Policies = defaultPolicies()