We use clammit in a Docker environment:
traefik -> (clammit) -> apache2
Due to not yet fully debugged issues and an upcoming switch to certificate providers
like Let's Encrypt, we switched to using self-signed certificates in our internal communication.
Therefore (clammit)->apache2 now gave us:
```
clammit[-]: Failed to forward request: Post "https://xxx": tls: failed to verify certificate: x509: certificate is valid for localhost, not xxx
```
To get a fast solution, I once again patched the forwarder.go:
```go
func (f *Forwarder) getClient(req *http.Request) (*http.Client, *url.URL) {
	applicationURL := f.getApplicationURL(req)
	url := &url.URL{
		Scheme:   applicationURL.Scheme,
		Opaque:   applicationURL.Opaque,
		User:     applicationURL.User, // TODO: clone this
		Host:     applicationURL.Host,
		Path:     req.URL.Path,
		RawQuery: req.URL.RawQuery,
		Fragment: req.URL.Fragment,
	}
	if applicationURL.Scheme == "unix" {
		f.logger.Printf("Forwarding to unix socket %s", applicationURL.Path)
		url.Scheme = "http"
		url.Host = "x"
		jar, _ := cookiejar.New(nil)
		return &http.Client{
			Jar: jar,
			Transport: &http.Transport{
				Dial: func(network, addr string) (net.Conn, error) {
					return net.Dial("unix", applicationURL.Path)
				},
			},
		}, url
	} else {
		f.logger.Printf("Forwarding to %s", applicationURL.String())
		//return &http.Client{}, url
		// patch by Top21
		// Create a new HTTP client with a custom transport
		// This is necessary to allow self-signed certificates
		tr := &http.Transport{
			TLSClientConfig: &tls.Config{
				// Skips certificate chain and host name verification entirely
				InsecureSkipVerify: true,
			},
		}
		return &http.Client{Transport: tr}, url
	}
}
```
Sure, it would be nice to make this configurable,
but I did not want to mess around in the main()
and risk other issues (I am not fluent in Go).
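
One way to make the backend trust configurable without turning verification off, as an added example that is not part of the original issue or of clammit: `InsecureSkipVerify: true` accepts any certificate from any host, whereas trusting the self-signed certificate explicitly and setting `ServerName` also resolves the "valid for localhost, not xxx" mismatch. `newBackendClient`, `probe` and `demo` are hypothetical names, and the backend is a constructed `httptest` server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newBackendClient is a hypothetical helper, not part of clammit. It trusts only the
// certificates in caPEM; a non-empty serverName replaces the URL host in the name check.
func newBackendClient(caPEM []byte, serverName string) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no usable certificate in CA bundle")
	}
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			RootCAs:    pool,       // chain must end in one of these certificates
			ServerName: serverName, // name the certificate must be valid for
		},
	}}, nil
}

// probe returns nil when the TLS handshake and the request succeed.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo runs two clients against a constructed backend: httptest serves a
// self-signed certificate that is valid for example.com and 127.0.0.1.
func demo() (trustedErr, wrongNameErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	trusted, _ := newBackendClient(caPEM, "example.com")
	wrongName, _ := newBackendClient(caPEM, "backend.invalid")
	return probe(trusted, srv.URL), probe(wrongName, srv.URL)
}

func main() { fmt.Println(demo()) }
```

Leaving `serverName` empty keeps Go's default behaviour of checking the certificate against the host in the forwarding URL.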