From 223d9ad4140eb33cbe9dc2e8258c6efd95b1e3f8 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 11 Sep 2021 19:30:17 +0200
Subject: [PATCH] outposts/proxy: fix upstream ssl certificate not being ignored if configured to do so
Signed-off-by: Jens Langhammer
---
 internal/outpost/proxyv2/application/mode_proxy.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/internal/outpost/proxyv2/application/mode_proxy.go b/internal/outpost/proxyv2/application/mode_proxy.go
index fa5f13fbc..a5fabb09d 100644
--- a/internal/outpost/proxyv2/application/mode_proxy.go
+++ b/internal/outpost/proxyv2/application/mode_proxy.go
@@ -1,17 +1,26 @@
 package application
 import (
+ "context"
+ "crypto/tls"
 "net/http"
 "net/http/httputil"
 "net/url"
 "time"
 "github.com/prometheus/client_golang/prometheus"
+ "goauthentik.io/internal/outpost/ak"
 "goauthentik.io/internal/outpost/proxyv2/metrics"
 "goauthentik.io/internal/outpost/proxyv2/templates"
 "goauthentik.io/internal/utils/web"
 )
+func (a *Application) getUpstreamTransport() http.RoundTripper {
+ return &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: *a.proxyConfig.InternalHostSslValidation},
+ }
+}
+
 func (a *Application) configureProxy() error {
 // Reverse proxy to the application server
 u, err := url.Parse(*a.proxyConfig.InternalHost)
@@ -19,6 +28,7 @@ func (a *Application) configureProxy() error {
 return err
 }
 rp := &httputil.ReverseProxy{Director: a.proxyModifyRequest(u)}
+ rp.Transport = ak.NewTracingTransport(context.TODO(), a.getUpstreamTransport())
 rp.ErrorHandler = NewProxyErrorHandler(templates.GetTemplates())
 rp.ModifyResponse = a.proxyModifyResponse
 a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
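Review bot: In the added `getUpstreamTransport`, `InsecureSkipVerify` is assigned `*a.proxyConfig.InternalHostSslValidation` directly, and going by the field name (its definition is not in this diff) a true value means "validate the upstream certificate", so the flag looks inverted: enabling validation would turn verification off, and disabling it would turn verification on. If that reading is right, the line should be `InsecureSkipVerify: !*a.proxyConfig.InternalHostSslValidation`, preceded by a nil check on the pointer so that an unset option cannot panic and defaults to verifying. The bare `&http.Transport{...}` also starts from zero values rather than the settings of `http.DefaultTransport` (environment proxy, dial and TLS-handshake timeouts); building it with `t := http.DefaultTransport.(*http.Transport).Clone()` and then setting only `t.TLSClientConfig` would keep them. A doc comment on `getUpstreamTransport` stating which setting disables verification, and a test that a validation-enabled config rejects an untrusted upstream certificate, would pin the intended polarity.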