diff --git a/changelog/unreleased/proxy-allow-insecure-upstreams.md b/changelog/unreleased/proxy-allow-insecure-upstreams.md new file mode 100644 index 0000000000..ed098e39de --- /dev/null +++ b/changelog/unreleased/proxy-allow-insecure-upstreams.md @@ -0,0 +1,8 @@ +Change: Proxy allow insecure upstreams + +Tags: proxy + +We can now configure the proxy if insecure upstream servers are allowed. +This was added since you need to disable certificate checks fore some situations like testing. + +https://github.com/owncloud/ocis/pull/1007 diff --git a/proxy/pkg/config/config.go b/proxy/pkg/config/config.go index 388d819142..09d86626ff 100644 --- a/proxy/pkg/config/config.go +++ b/proxy/pkg/config/config.go @@ -106,6 +106,7 @@ type Config struct { PreSignedURL PreSignedURL AutoprovisionAccounts bool EnableBasicAuth bool + Insecure bool } // OIDC is the config for the OpenID-Connect middleware. If set the proxy will try to authenticate every request diff --git a/proxy/pkg/flagset/flagset.go b/proxy/pkg/flagset/flagset.go index 3a1371a40f..91a3135703 100644 --- a/proxy/pkg/flagset/flagset.go +++ b/proxy/pkg/flagset/flagset.go @@ -185,6 +185,13 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag { EnvVars: []string{"PROXY_REVA_GATEWAY_ADDR"}, Destination: &cfg.Reva.Address, }, + &cli.BoolFlag{ + Name: "insecure", + Value: false, + Usage: "allow insecure communication to upstream servers", + EnvVars: []string{"PROXY_INSECURE"}, + Destination: &cfg.Insecure, + }, // OIDC diff --git a/proxy/pkg/proxy/proxy.go b/proxy/pkg/proxy/proxy.go index 54fb95a3b4..fe057f11a1 100644 --- a/proxy/pkg/proxy/proxy.go +++ b/proxy/pkg/proxy/proxy.go @@ -2,6 +2,7 @@ package proxy import ( "context" + "crypto/tls" "net/http" "net/http/httputil" "net/url" @@ -37,6 +38,12 @@ func NewMultiHostReverseProxy(opts ...Option) *MultiHostReverseProxy { } rp.Director = rp.directorSelectionDirector + rp.Transport = &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: options.Config.Insecure, + }, + } + if options.Config.Policies == nil { rp.logger.Info().Str("source", "runtime").Msg("Policies") options.Config.Policies = defaultPolicies()