config: tls verification can be disabled (#32)

tiket-oss · Aug 19, 2019 · 1f188a0 · 1f188a0
1 parent b071d4e
commit 1f188a0
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 5 deletions.
diff --git a/config.template.json b/config.template.json
@@ -22,13 +22,19 @@
             "timeout": 5,
             "max-idle-conns": 1000,
             "idle-conn-timeout": 30,
-            "disable-compression": true
+            "disable-compression": true,
+            "tls": {
+                "insecure-skip-verify": true
+            }
         },
         "to-sidecar": {
             "timeout": 2,
             "max-idle-conns": 1000,
             "idle-conn-timeout": 30,
-            "disable-compression": true
+            "disable-compression": true,
+            "tls": {
+                "insecure-skip-verify": true
+            }
         },
     }
 }
diff --git a/config/config.go b/config/config.go
@@ -56,4 +56,10 @@ type HTTPClientConfig struct {
 	MaxIdleConns       int  `mapstructure:"max-idle-conns"`
 	IdleConnTimeout    int  `mapstructure:"idle-conn-timeout"`
 	DisableCompression bool `mapstructure:"disable-compression"`
+	TLS                TLS  `mapstructure:"tls"`
+}
+
+// TLS holds the configuration of TLS
+type TLS struct {
+	InsecureSkipVerify bool `mapstructure:"insecure-skip-verify"`
 }
diff --git a/proxy.go b/proxy.go
@@ -1,6 +1,7 @@
 package canaryrouter
 
 import (
+	"crypto/tls"
 	"log"
 	"net/http"
 	"net/http/httputil"
@@ -28,14 +29,14 @@ func BuildProxies(configClient config.HTTPClientConfig, mainTargetURL, canaryTar
 	if err != nil {
 		return nil, errors.Trace(err)
 	}
-	proxyMain.Transport = newTransport(configClient.MaxIdleConns, configClient.IdleConnTimeout, configClient.DisableCompression)
+	proxyMain.Transport = newTransport(configClient.MaxIdleConns, configClient.IdleConnTimeout, configClient.DisableCompression, configClient.TLS)
 	proxyMain.ErrorLog = log.New(os.Stderr, "[proxy-main] ", log.LstdFlags|log.Llongfile)
 
 	proxyCanary, err := newReverseProxy(canaryTargetURL)
 	if err != nil {
 		return nil, errors.Trace(err)
 	}
-	proxyCanary.Transport = newTransport(configClient.MaxIdleConns, configClient.IdleConnTimeout, configClient.DisableCompression)
+	proxyCanary.Transport = newTransport(configClient.MaxIdleConns, configClient.IdleConnTimeout, configClient.DisableCompression, configClient.TLS)
 	proxyCanary.ErrorLog = log.New(os.Stderr, "[proxy-canary] ", log.LstdFlags|log.Llongfile)
 
 	proxies := &Proxy{
@@ -46,11 +47,12 @@ func BuildProxies(configClient config.HTTPClientConfig, mainTargetURL, canaryTar
 	return proxies, nil
 }
 
-func newTransport(maxIdleConns, idleConnTimeout int, disableCompression bool) *http.Transport {
+func newTransport(maxIdleConns, idleConnTimeout int, disableCompression bool, tlsConfig config.TLS) *http.Transport {
 	return &http.Transport{
 		MaxIdleConns:       maxIdleConns,
 		IdleConnTimeout:    time.Duration(idleConnTimeout) * time.Second,
 		DisableCompression: disableCompression,
+		TLSClientConfig:    &tls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify},
 	}
 }
 

diff --git a/server/server.go b/server/server.go
@@ -3,6 +3,7 @@ package server
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -53,6 +54,7 @@ func NewServer(config config.Config) (*Server, error) {
 		MaxIdleConns:          config.Client.Sidecar.MaxIdleConns,
 		IdleConnTimeout:       time.Duration(config.Client.Sidecar.IdleConnTimeout) * time.Second,
 		DisableCompression:    config.Client.Sidecar.DisableCompression,
+		TLSClientConfig:       &tls.Config{InsecureSkipVerify: config.Client.Sidecar.TLS.InsecureSkipVerify},
 	}
 
 	sidecarURL, err := url.Parse(server.config.SidecarURL)