outposts/proxy: fix upstream ssl certificate not being ignored if configured to do so
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
948ea7b087
commit
223d9ad414
|
|
@ -1,17 +1,26 @@
|
|||
package application
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"goauthentik.io/internal/outpost/ak"
|
||||
"goauthentik.io/internal/outpost/proxyv2/metrics"
|
||||
"goauthentik.io/internal/outpost/proxyv2/templates"
|
||||
"goauthentik.io/internal/utils/web"
|
||||
)
|
||||
|
||||
func (a *Application) getUpstreamTransport() http.RoundTripper {
|
||||
return &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: *a.proxyConfig.InternalHostSslValidation},
|
||||
}
|
||||
}
|
||||
|
||||
func (a *Application) configureProxy() error {
|
||||
// Reverse proxy to the application server
|
||||
u, err := url.Parse(*a.proxyConfig.InternalHost)
|
||||
|
|
@ -19,6 +28,7 @@ func (a *Application) configureProxy() error {
|
|||
return err
|
||||
}
|
||||
rp := &httputil.ReverseProxy{Director: a.proxyModifyRequest(u)}
|
||||
rp.Transport = ak.NewTracingTransport(context.TODO(), a.getUpstreamTransport())
|
||||
rp.ErrorHandler = NewProxyErrorHandler(templates.GetTemplates())
|
||||
rp.ModifyResponse = a.proxyModifyResponse
|
||||
a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
|
|
|
|||
Reference in New Issue