From 44536a7594f060dfca54a3cfb36135c93cba8e59 Mon Sep 17 00:00:00 2001 From: linquize Date: Wed, 13 May 2020 00:43:18 +0800 Subject: [PATCH] cmd: reverse-proxy: add --insecure flag (with warning) (#3389) --- modules/caddyhttp/reverseproxy/command.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 31a591c9..6de052e7 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -59,6 +59,7 @@ default, all incoming headers are passed through unmodified.) fs.String("from", "localhost", "Address on which to receive traffic") fs.String("to", "", "Upstream address to which to to proxy traffic") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") + fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY, WHY ARE YOU EVEN USING TLS?)") return fs }(), }) @@ -68,6 +69,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { from := fs.String("from") to := fs.String("to") changeHost := fs.Bool("change-host-header") + insecure := fs.Bool("insecure") httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) @@ -127,6 +129,9 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { ht := HTTPTransport{} if toAddr.Scheme == "https" { ht.TLS = new(TLSConfig) + if insecure { + ht.TLS.InsecureSkipVerify = true + } } handler := Handler{