internal: reuse http transport to prevent leaking connections (#3996)
* Fix: Using the same http transport as the api * fix: Using global tlsTransport instead of newly created one
This commit is contained in:
parent
f8ef2b666f
commit
be9790ef8a
|
@ -16,6 +16,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var initialSetup = false
|
var initialSetup = false
|
||||||
|
var tlsTransport *http.RoundTripper = nil
|
||||||
|
|
||||||
func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
|
func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
|
||||||
l := log.WithField("logger", "authentik.outpost")
|
l := log.WithField("logger", "authentik.outpost")
|
||||||
|
@ -70,15 +71,19 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
|
||||||
|
|
||||||
// GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
|
// GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
|
||||||
func GetTLSTransport() http.RoundTripper {
|
func GetTLSTransport() http.RoundTripper {
|
||||||
|
if tlsTransport != nil {
|
||||||
|
return *tlsTransport
|
||||||
|
}
|
||||||
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
|
||||||
if !set {
|
if !set {
|
||||||
value = "false"
|
value = "false"
|
||||||
}
|
}
|
||||||
tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
|
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
|
||||||
InsecureSkipVerify: strings.ToLower(value) == "true",
|
InsecureSkipVerify: strings.ToLower(value) == "true",
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
return tlsTransport
|
tlsTransport = &tmp
|
||||||
|
return *tlsTransport
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue