cmd: reverse-proxy: add --insecure flag (with warning) (#3389)

author: linquize <linquize2@yahoo.com> 2020-05-13 00:43:18 +0800
committer: GitHub <noreply@github.com> 2020-05-12 10:43:18 -0600
commit: 44536a7594f060dfca54a3cfb36135c93cba8e59 (patch)
tree: 2322de6edf51119ce9649e790c9d617cff9fa2bb
parent: ea7e4b4024f34fd53f8b8f7b5effb353b36cf8e8 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go
index 31a591c..6de052e 100644
--- a/modules/caddyhttp/reverseproxy/command.go
+++ b/modules/caddyhttp/reverseproxy/command.go
@@ -59,6 +59,7 @@ default, all incoming headers are passed through unmodified.)
 			fs.String("from", "localhost", "Address on which to receive traffic")
 			fs.String("to", "", "Upstream address to which to to proxy traffic")
 			fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream")
+			fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY, WHY ARE YOU EVEN USING TLS?)")
 			return fs
 		}(),
 	})
@@ -68,6 +69,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) {
 	from := fs.String("from")
 	to := fs.String("to")
 	changeHost := fs.Bool("change-host-header")
+	insecure := fs.Bool("insecure")
 
 	httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort)
 	httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort)
@@ -127,6 +129,9 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) {
 	ht := HTTPTransport{}
 	if toAddr.Scheme == "https" {
 		ht.TLS = new(TLSConfig)
+		if insecure {
+			ht.TLS.InsecureSkipVerify = true
+		}
 	}
 
 	handler := Handler{
author	linquize <linquize2@yahoo.com>	2020-05-13 00:43:18 +0800
committer	GitHub <noreply@github.com>	2020-05-12 10:43:18 -0600
commit	44536a7594f060dfca54a3cfb36135c93cba8e59 (patch)
tree	2322de6edf51119ce9649e790c9d617cff9fa2bb
parent	ea7e4b4024f34fd53f8b8f7b5effb353b36cf8e8 (diff)