Commit
5e63ce41
authored
May 14, 2018
by
Łukasz Nowak
caddy-frontend: Verify proxy on request
parent
f1bf9213
Showing
2 changed files
with
31 additions
and
22 deletions
+31
-22
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+1
-1
software/caddy-frontend/templates/default-virtualhost.conf.in
...ware/caddy-frontend/templates/default-virtualhost.conf.in
+30
-21
software/caddy-frontend/buildout.hash.cfg
...
...
@@ -55,7 +55,7 @@ md5sum = 4dbb8560e4de1af2a0706b020e713fe7
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = 1
f70a3005915e84091bfd6cb7c77b05c
md5sum = 1
1f1784afb63a1b79221677148bc8db6
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
...
...
software/caddy-frontend/templates/default-virtualhost.conf.in
...
...
@@ -29,14 +29,6 @@
log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }}
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
{% endif %}
# TODO-Caddy SSLProxyVerify require
# TODO-Caddy #SSLProxyCheckPeerCN on
# TODO-Caddy SSLProxyCheckPeerExpire on
{% endif %}
# TODO-Caddy SSLProtocol all -SSLv2 -SSLv3
# TODO-Caddy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
# TODO-Caddy SSLHonorCipherOrder on
...
...
@@ -66,6 +58,14 @@
proxy / {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }} {
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
{% if 'default-path' in slave_parameter %}
redir 301 {
...
...
@@ -91,9 +91,14 @@
proxy / {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }} {
transparent
timeout 600s
{%- if not ssl_proxy_verify %}
insecure_skip_verify
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
{% endif -%}
}
...
...
@@ -105,15 +110,6 @@
log / {{ slave_parameter.get('access_log') }} {combined}
errors {{ slave_parameter.get('error_log') }}
{% if ssl_proxy_verify -%}
{% if 'ssl_proxy_ca_crt' in slave_parameter -%}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
{% endif %}
# TODO-Caddy SSLProxyVerify require
# TODO-Caddy #SSLProxyCheckPeerCN on
# TODO-Caddy SSLProxyCheckPeerExpire on
{% endif %}
{% if disable_via_header %}
# TODO-Caddy Header unset Via
{% endif -%}
...
...
@@ -151,6 +147,14 @@
proxy / {{ slave_parameter.get('https-url', slave_parameter.get('url', '')) }} {
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
{% if 'default-path' in slave_parameter %}
redir 301 {
...
...
@@ -172,9 +176,14 @@
proxy / {{ slave_parameter.get('url', '') }} {
transparent
timeout 600s
{%- if not ssl_proxy_verify %}
insecure_skip_verify
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
# TODO-Caddy SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
# Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
{% endif -%}
# If nothing exist : put a nice error
...
...
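Review bot: In the `ssl_proxy_verify` branch of the proxy block (hunk -66,6 +58,14, and the identical block in the other three proxy hunks), a slave that sets `ssl_proxy_ca_crt` gets only a comment rendered, so the supplied CA is never applied; going by the comment's own wording, the backend certificate would then be checked against the system trust store instead. A backend signed by that private CA is therefore likely to fail verification, and the restriction to the CA the slave asked for is not enforced. Until the referenced upstream issue is resolved, I would state the gap in the rendered config, for example `# WARNING: ssl_proxy_ca_crt is NOT applied; backend is verified against the system trust store only`, and document it next to the parameter. The `else` branch emits `insecure_skip_verify`, which switches backend certificate verification off entirely; the default of `ssl_proxy_verify` is not visible in these hunks and is worth confirming so that skipping verification is always an explicit choice. The surrounding site blocks start and end outside the hunks shown.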