Merge pull request #557 from stuart-c/insecure_skip_verify

Add global InsecureSkipVerify option to disable certificate checking
2016-08-01 15:42:33 +02:00 · 2016-08-01 15:42:33 +02:00 · 5ce9719951
parent 7abe68fac1 914aa7d372
commit 5ce9719951
4 changed files with 19 additions and 0 deletions
--- a/configuration.go
+++ b/configuration.go
@ -33,6 +33,7 @@ type GlobalConfiguration struct {
 	DefaultEntryPoints        DefaultEntryPoints      `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
 	ProvidersThrottleDuration time.Duration           `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
 	MaxIdleConnsPerHost       int                     `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used"`
+	InsecureSkipVerify        bool                    `description:"Disable SSL certificate verification"`
 	Retry                     *Retry                  `description:"Enable retry sending request if network error"`
 	Docker                    *provider.Docker        `description:"Enable Docker backend"`
 	File                      *provider.File          `description:"Enable File backend"`
--- a/docs/toml.md
+++ b/docs/toml.md
@ -46,6 +46,13 @@
 #
 # MaxIdleConnsPerHost = 200

+# If set to true invalid SSL certificates are accepted for backends.
+# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
+# Optional
+# Default: false
+#
+# InsecureSkipVerify = true
+
 # Entrypoints to be used by frontends that do not specify any entrypoint.
 # Each frontend can specify its own entrypoints.
 #
--- a/traefik.go
+++ b/traefik.go
@ -1,6 +1,7 @@
 package main

 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	fmtlog "log"
@ -173,6 +174,9 @@ func run(traefikConfiguration *TraefikConfiguration) {
 	globalConfiguration := traefikConfiguration.GlobalConfiguration

 	http.DefaultTransport.(*http.Transport).MaxIdleConnsPerHost = globalConfiguration.MaxIdleConnsPerHost
+	if globalConfiguration.InsecureSkipVerify {
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
 	loggerMiddleware := middlewares.NewLogger(globalConfiguration.AccessLogsFile)
 	defer loggerMiddleware.Close()

--- a/traefik.sample.toml
+++ b/traefik.sample.toml
@ -47,6 +47,13 @@
 #
 # MaxIdleConnsPerHost = 200

+# If set to true invalid SSL certificates are accepted for backends.
+# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
+# Optional
+# Default: false
+#
+# InsecureSkipVerify = true
+
 # Entrypoints to be used by frontends that do not specify any entrypoint.
 # Each frontend can specify its own entrypoints.
 #