feat: allow skip cert verify in masquerade.proxy

close: #1278 masquerade.proxy.insecureSkipVerify
2025-04-02 03:57:38 +03:00 · 2024-12-29 13:58:12 +09:00 · 2024-12-29 13:58:12 +09:00 · 2bdaf7b46a
commit 2bdaf7b46a
parent cd396eea60
3 changed files with 27 additions and 4 deletions
--- a/app/cmd/server.go
+++ b/app/cmd/server.go
@ -236,8 +236,9 @@ type serverConfigMasqueradeFile struct {
 }

 type serverConfigMasqueradeProxy struct {
-	URL         string `mapstructure:"url"`
-	RewriteHost bool   `mapstructure:"rewriteHost"`
+	URL                string `mapstructure:"url"`
+	RewriteHost        bool   `mapstructure:"rewriteHost"`
+	InsecureSkipVerify bool   `mapstructure:"insecureSkipVerify"`
 }

 type serverConfigMasqueradeString struct {
@ -810,6 +811,25 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
 		if u.Scheme != "http" && u.Scheme != "https" {
 			return configError{Field: "masquerade.proxy.url", Err: fmt.Errorf("unsupported protocol scheme \"%s\"", u.Scheme)}
 		}
+		transport := http.DefaultTransport
+		if c.Masquerade.Proxy.InsecureSkipVerify {
+			transport = &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true,
+				},
+				// use default configs from http.DefaultTransport
+				Proxy: http.ProxyFromEnvironment,
+				DialContext: (&net.Dialer{
+					Timeout:   30 * time.Second,
+					KeepAlive: 30 * time.Second,
+				}).DialContext,
+				ForceAttemptHTTP2:     true,
+				MaxIdleConns:          100,
+				IdleConnTimeout:       90 * time.Second,
+				TLSHandshakeTimeout:   10 * time.Second,
+				ExpectContinueTimeout: 1 * time.Second,
+			}
+		}
 		handler = &httputil.ReverseProxy{
 			Rewrite: func(r *httputil.ProxyRequest) {
 				r.SetURL(u)
@ -819,6 +839,7 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
 					r.Out.Host = r.In.Host
 				}
 			},
+			Transport: transport,
 			ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
 				logger.Error("HTTP reverse proxy error", zap.Error(err))
 				w.WriteHeader(http.StatusBadGateway)
--- a/app/cmd/server_test.go
+++ b/app/cmd/server_test.go
@ -169,8 +169,9 @@ func TestServerConfig(t *testing.T) {
 				Dir: "/www/masq",
 			},
 			Proxy: serverConfigMasqueradeProxy{
-				URL:         "https://some.site.net",
-				RewriteHost: true,
+				URL:                "https://some.site.net",
+				RewriteHost:        true,
+				InsecureSkipVerify: true,
 			},
 			String: serverConfigMasqueradeString{
 				Content: "aint nothin here",
--- a/app/cmd/server_test.yaml
+++ b/app/cmd/server_test.yaml
@ -132,6 +132,7 @@ masquerade:
  proxy:
    url: https://some.site.net
    rewriteHost: true
+    insecureSkipVerify: true
  string:
    content: aint nothin here
    headers: