Commit bae4ac97 authored by Filippo Valsorda's avatar Filippo Valsorda

proxy: add a insecure_skip_verify option - closes #320

parent 6e340cb1
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
package proxy package proxy
import ( import (
"crypto/tls"
"io" "io"
"net" "net"
"net/http" "net/http"
...@@ -103,6 +104,16 @@ var hopHeaders = []string{ ...@@ -103,6 +104,16 @@ var hopHeaders = []string{
"Upgrade", "Upgrade",
} }
var InsecureTransport http.RoundTripper = &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request, extraHeaders http.Header) error { func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request, extraHeaders http.Header) error {
transport := p.Transport transport := p.Transport
if transport == nil { if transport == nil {
......
...@@ -23,6 +23,7 @@ type staticUpstream struct { ...@@ -23,6 +23,7 @@ type staticUpstream struct {
proxyHeaders http.Header proxyHeaders http.Header
Hosts HostPool Hosts HostPool
Policy Policy Policy Policy
insecureSkipVerify bool
FailTimeout time.Duration FailTimeout time.Duration
MaxFails int32 MaxFails int32
...@@ -90,6 +91,9 @@ func NewStaticUpstreams(c parse.Dispenser) ([]Upstream, error) { ...@@ -90,6 +91,9 @@ func NewStaticUpstreams(c parse.Dispenser) ([]Upstream, error) {
} }
if baseURL, err := url.Parse(uh.Name); err == nil { if baseURL, err := url.Parse(uh.Name); err == nil {
uh.ReverseProxy = NewSingleHostReverseProxy(baseURL, uh.WithoutPathPrefix) uh.ReverseProxy = NewSingleHostReverseProxy(baseURL, uh.WithoutPathPrefix)
if upstream.insecureSkipVerify {
uh.ReverseProxy.Transport = InsecureTransport
}
} else { } else {
return upstreams, err return upstreams, err
} }
...@@ -175,6 +179,8 @@ func parseBlock(c *parse.Dispenser, u *staticUpstream) error { ...@@ -175,6 +179,8 @@ func parseBlock(c *parse.Dispenser, u *staticUpstream) error {
return c.ArgErr() return c.ArgErr()
} }
u.IgnoredSubPaths = ignoredPaths u.IgnoredSubPaths = ignoredPaths
case "insecure_skip_verify":
u.insecureSkipVerify = true
default: default:
return c.Errf("unknown property '%s'", c.Val()) return c.Errf("unknown property '%s'", c.Val())
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment