option for skipping OAuth provider SSL verification
This commit is contained in:
parent
bb9b607440
commit
dcf62d06df
@ -200,6 +200,7 @@ Usage of oauth2_proxy:
|
|||||||
-signature-key="": GAP-Signature request signature key (algorithm:secretkey)
|
-signature-key="": GAP-Signature request signature key (algorithm:secretkey)
|
||||||
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
|
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
|
||||||
-skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start
|
-skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start
|
||||||
|
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
|
||||||
-tls-cert="": path to certificate file
|
-tls-cert="": path to certificate file
|
||||||
-tls-key="": path to private key file
|
-tls-key="": path to private key file
|
||||||
-upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
|
-upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
|
||||||
|
@ -54,6 +54,10 @@
|
|||||||
## optional directory with custom sign_in.html and error.html
|
## optional directory with custom sign_in.html and error.html
|
||||||
# custom_templates_dir = ""
|
# custom_templates_dir = ""
|
||||||
|
|
||||||
|
## skip SSL checking for HTTPS requests
|
||||||
|
# ssl_insecure_skip_verify = false
|
||||||
|
|
||||||
|
|
||||||
## Cookie Settings
|
## Cookie Settings
|
||||||
## Name - the cookie name
|
## Name - the cookie name
|
||||||
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
|
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
|
||||||
|
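--- a/main.go
+++ b/main.go
@@ -38,6 +38,7 @@ func main() {
 flagSet.Bool("pass-host-header", true, "pass the request Host Header to upstream")
 flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")
 flagSet.Bool("skip-provider-button", false, "will skip sign-in-page to directly reach the next step: oauth/start")
+flagSet.Bool("ssl-insecure-skip-verify", false, "skip validation of certificates presented when using HTTPS")
 
 flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
 flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")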
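Review bot: The help text of the new `ssl-insecure-skip-verify` flag does not say that the switch is global: as wired in options.go it replaces `http.DefaultClient`, so it affects every HTTPS request the proxy makes through the default client, not only the OAuth provider named in the commit title. An operator reading `-help` should see that scope before turning it on, e.g. `flagSet.Bool("ssl-insecure-skip-verify", false, "skip TLS certificate validation for all HTTPS requests made through the default client (insecure)")`. The body of main continues outside the hunk.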
10
options.go
10
options.go
@ -2,6 +2,7 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto"
|
"crypto"
|
||||||
|
"crypto/tls"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -55,6 +56,7 @@ type Options struct {
|
|||||||
PassHostHeader bool `flag:"pass-host-header" cfg:"pass_host_header"`
|
PassHostHeader bool `flag:"pass-host-header" cfg:"pass_host_header"`
|
||||||
SkipProviderButton bool `flag:"skip-provider-button" cfg:"skip_provider_button"`
|
SkipProviderButton bool `flag:"skip-provider-button" cfg:"skip_provider_button"`
|
||||||
PassUserHeaders bool `flag:"pass-user-headers" cfg:"pass_user_headers"`
|
PassUserHeaders bool `flag:"pass-user-headers" cfg:"pass_user_headers"`
|
||||||
|
SSLInsecureSkipVerify bool `flag:"ssl-insecure-skip-verify" cfg:"ssl_insecure_skip_verify"`
|
||||||
|
|
||||||
// These options allow for other providers besides Google, with
|
// These options allow for other providers besides Google, with
|
||||||
// potential overrides.
|
// potential overrides.
|
||||||
@ -99,7 +101,6 @@ func NewOptions() *Options {
|
|||||||
PassUserHeaders: true,
|
PassUserHeaders: true,
|
||||||
PassAccessToken: false,
|
PassAccessToken: false,
|
||||||
PassHostHeader: true,
|
PassHostHeader: true,
|
||||||
SkipProviderButton: false,
|
|
||||||
ApprovalPrompt: "force",
|
ApprovalPrompt: "force",
|
||||||
RequestLogging: true,
|
RequestLogging: true,
|
||||||
}
|
}
|
||||||
@ -205,6 +206,13 @@ func (o *Options) Validate() error {
|
|||||||
msgs = parseSignatureKey(o, msgs)
|
msgs = parseSignatureKey(o, msgs)
|
||||||
msgs = validateCookieName(o, msgs)
|
msgs = validateCookieName(o, msgs)
|
||||||
|
|
||||||
|
if o.SSLInsecureSkipVerify {
|
||||||
|
insecureTransport := &http.Transport{
|
||||||
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||||
|
}
|
||||||
|
http.DefaultClient = &http.Client{Transport: insecureTransport}
|
||||||
|
}
|
||||||
|
|
||||||
if len(msgs) != 0 {
|
if len(msgs) != 0 {
|
||||||
return fmt.Errorf("Invalid configuration:\n %s",
|
return fmt.Errorf("Invalid configuration:\n %s",
|
||||||
strings.Join(msgs, "\n "))
|
strings.Join(msgs, "\n "))
|
||||||
|