feat: allow skip cert verify in masquerade.proxy

close: #1278

masquerade.proxy.insecureSkipVerify
Haruue 2024-12-29 13:58:12 +09:00
parent cd396eea60
commit 2bdaf7b46a
No known key found for this signature in database
GPG key ID: F6083B28CBCBC148
3 changed files with 27 additions and 4 deletions


@ -238,6 +238,7 @@ type serverConfigMasqueradeFile struct {
type serverConfigMasqueradeProxy struct { type serverConfigMasqueradeProxy struct {
URL string `mapstructure:"url"` URL string `mapstructure:"url"`
RewriteHost bool `mapstructure:"rewriteHost"` RewriteHost bool `mapstructure:"rewriteHost"`
InsecureSkipVerify bool `mapstructure:"insecureSkipVerify"`
} }
type serverConfigMasqueradeString struct { type serverConfigMasqueradeString struct {
@ -810,6 +811,25 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
if u.Scheme != "http" && u.Scheme != "https" { if u.Scheme != "http" && u.Scheme != "https" {
return configError{Field: "masquerade.proxy.url", Err: fmt.Errorf("unsupported protocol scheme \"%s\"", u.Scheme)} return configError{Field: "masquerade.proxy.url", Err: fmt.Errorf("unsupported protocol scheme \"%s\"", u.Scheme)}
} }
transport := http.DefaultTransport
if c.Masquerade.Proxy.InsecureSkipVerify {
transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
// use default configs from http.DefaultTransport
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
ForceAttemptHTTP2: true,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
}
}
handler = &httputil.ReverseProxy{ handler = &httputil.ReverseProxy{
Rewrite: func(r *httputil.ProxyRequest) { Rewrite: func(r *httputil.ProxyRequest) {
r.SetURL(u) r.SetURL(u)
@ -819,6 +839,7 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
r.Out.Host = r.In.Host r.Out.Host = r.In.Host
} }
}, },
Transport: transport,
ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) { ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
logger.Error("HTTP reverse proxy error", zap.Error(err)) logger.Error("HTTP reverse proxy error", zap.Error(err))
w.WriteHeader(http.StatusBadGateway) w.WriteHeader(http.StatusBadGateway)
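Review bot: The branch under `if c.Masquerade.Proxy.InsecureSkipVerify` turns off verification of the upstream certificate without leaving any trace at startup, so an operator who inherits this config gets no signal that the masquerade content is fetched over an unauthenticated TLS link. I would log it once when the handler is built, e.g. `logger.Warn("masquerade.proxy.insecureSkipVerify is enabled, upstream certificate is not verified")`, and add a comment on the new struct field saying it is meant for self-signed or internal upstreams only. The hand-copied transport settings can also drift from http.DefaultTransport in later Go releases; `t := http.DefaultTransport.(*http.Transport).Clone()` followed by `t.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}` keeps them in sync, assuming DefaultTransport has not been replaced by another RoundTripper. fillMasqHandler starts and ends outside the visible hunks.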


@ -171,6 +171,7 @@ func TestServerConfig(t *testing.T) {
Proxy: serverConfigMasqueradeProxy{ Proxy: serverConfigMasqueradeProxy{
URL: "https://some.site.net", URL: "https://some.site.net",
RewriteHost: true, RewriteHost: true,
InsecureSkipVerify: true,
}, },
String: serverConfigMasqueradeString{ String: serverConfigMasqueradeString{
Content: "aint nothin here", Content: "aint nothin here",


@ -132,6 +132,7 @@ masquerade:
proxy: proxy:
url: https://some.site.net url: https://some.site.net
rewriteHost: true rewriteHost: true
insecureSkipVerify: true
string: string:
content: aint nothin here content: aint nothin here
headers: headers: