mirror of
https://github.com/openziti/zrok.git
synced 2024-12-22 23:02:52 +01:00
--insecure for share '<public|private|reserved>' (#195)
parent
6e55c33261
commit
3ec0c5ead4
@ -32,6 +32,7 @@ type sharePrivateCommand struct {
|
||||
basicAuth []string
|
||||
backendMode string
|
||||
headless bool
|
||||
insecure bool
|
||||
cmd *cobra.Command
|
||||
}
|
||||
|
||||
@ -45,6 +46,7 @@ func newSharePrivateCommand() *sharePrivateCommand {
|
||||
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
|
||||
cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web}")
|
||||
cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
|
||||
cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
|
||||
cmd.Run = command.run
|
||||
return command
|
||||
}
|
||||
@ -145,6 +147,7 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
|
||||
IdentityPath: zif,
|
||||
EndpointAddress: target,
|
||||
ShrToken: resp.Payload.ShrToken,
|
||||
Insecure: cmd.insecure,
|
||||
RequestsChan: requestsChan,
|
||||
}
|
||||
_, err = cmd.proxyBackendMode(cfg)
|
||||
|
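Review bot: The help text for the new flag in newSharePrivateCommand, `"Enable insecure TLS certificate validation for <target>"`, reads as if some validation still takes place, while the proxyBackend change in this same commit sets `InsecureSkipVerify: true`, which turns off certificate chain and hostname verification entirely. I would word it as `"Skip TLS certificate verification for <target> (insecure: the target's identity is not checked)"` so an operator knows what they are opting into. The same string appears in newSharePublicCommand, and newShareReservedCommand carries a shorter variant that also drops the `<target>` scope. The flag is registered regardless of `--backend-mode`; if the `web` mode never reads it (not visible in these hunks), rejecting or warning on that combination would avoid a silent no-op.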
@ -33,6 +33,7 @@ type sharePublicCommand struct {
|
||||
frontendSelection []string
|
||||
backendMode string
|
||||
headless bool
|
||||
insecure bool
|
||||
cmd *cobra.Command
|
||||
}
|
||||
|
||||
@ -47,6 +48,7 @@ func newSharePublicCommand() *sharePublicCommand {
|
||||
cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
|
||||
cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web}")
|
||||
cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
|
||||
cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
|
||||
cmd.Run = command.run
|
||||
return command
|
||||
}
|
||||
@ -148,6 +150,7 @@ func (cmd *sharePublicCommand) run(_ *cobra.Command, args []string) {
|
||||
IdentityPath: zif,
|
||||
EndpointAddress: target,
|
||||
ShrToken: resp.Payload.ShrToken,
|
||||
Insecure: cmd.insecure,
|
||||
RequestsChan: requestsChan,
|
||||
}
|
||||
_, err = cmd.proxyBackendMode(cfg)
|
||||
|
@ -24,6 +24,7 @@ func init() {
|
||||
type shareReservedCommand struct {
|
||||
overrideEndpoint string
|
||||
headless bool
|
||||
insecure bool
|
||||
cmd *cobra.Command
|
||||
}
|
||||
|
||||
@ -35,6 +36,7 @@ func newShareReservedCommand() *shareReservedCommand {
|
||||
command := &shareReservedCommand{cmd: cmd}
|
||||
cmd.Flags().StringVar(&command.overrideEndpoint, "override-endpoint", "", "Override the stored target endpoint with a replacement")
|
||||
cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
|
||||
cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation")
|
||||
cmd.Run = command.run
|
||||
return command
|
||||
}
|
||||
@ -110,6 +112,7 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) {
|
||||
IdentityPath: zif,
|
||||
EndpointAddress: target,
|
||||
ShrToken: shrToken,
|
||||
Insecure: cmd.insecure,
|
||||
RequestsChan: requestsChan,
|
||||
}
|
||||
_, err := cmd.proxyBackendMode(cfg)
|
||||
|
@ -2,6 +2,7 @@ package proxyBackend
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"github.com/openziti/sdk-golang/ziti"
|
||||
"github.com/openziti/sdk-golang/ziti/config"
|
||||
@ -21,6 +22,7 @@ type Config struct {
|
||||
IdentityPath string
|
||||
EndpointAddress string
|
||||
ShrToken string
|
||||
Insecure bool
|
||||
RequestsChan chan *endpoints.Request
|
||||
}
|
||||
|
||||
@ -45,7 +47,7 @@ func NewBackend(cfg *Config) (*backend, error) {
|
||||
return nil, errors.Wrap(err, "error listening")
|
||||
}
|
||||
|
||||
proxy, err := newReverseProxy(cfg.EndpointAddress, cfg.RequestsChan)
|
||||
proxy, err := newReverseProxy(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -70,21 +72,24 @@ func (self *backend) Requests() func() int32 {
|
||||
return self.requests
|
||||
}
|
||||
|
||||
func newReverseProxy(target string, requests chan *endpoints.Request) (*httputil.ReverseProxy, error) {
|
||||
targetURL, err := url.Parse(target)
|
||||
func newReverseProxy(cfg *Config) (*httputil.ReverseProxy, error) {
|
||||
targetURL, err := url.Parse(cfg.EndpointAddress)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tpt := http.DefaultTransport.(*http.Transport).Clone()
|
||||
tpt.DialContext = metricsDial
|
||||
if cfg.Insecure {
|
||||
tpt.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
}
|
||||
|
||||
proxy := httputil.NewSingleHostReverseProxy(targetURL)
|
||||
proxy.Transport = tpt
|
||||
director := proxy.Director
|
||||
proxy.Director = func(req *http.Request) {
|
||||
if requests != nil {
|
||||
requests <- &endpoints.Request{
|
||||
if cfg.RequestsChan != nil {
|
||||
cfg.RequestsChan <- &endpoints.Request{
|
||||
Stamp: time.Now(),
|
||||
RemoteAddr: fmt.Sprintf("%v", req.Header["X-Real-Ip"]),
|
||||
Method: req.Method,
|
||||
|
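Review bot: In newReverseProxy, `tpt.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}` switches verification off silently and for every connection this transport makes, so a share started with `--insecure` gives no runtime indication that the upstream is unauthenticated and that its responses could come from anything able to answer on that address. I would log a warning once at construction that names `cfg.EndpointAddress`, and put a comment on the line such as `// opt-in via --insecure: upstream certificate chain and hostname are not verified`. For self-signed or private-CA targets, a follow-up option that loads a CA bundle into `RootCAs` would keep verification on rather than removing it. The Director closure now reads `cfg.RequestsChan` on each request instead of a captured channel value, so a caller that mutates the Config after NewBackend changes its behaviour; copying it first, `requests := cfg.RequestsChan`, keeps the previous semantics. newReverseProxy continues past the end of this hunk.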