
Commit 3ebe5a4

committed
feat: support localhost apps running https
1 parent 00b9a3c commit 3ebe5a4


2 files changed

+33
-2
lines changed


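--- a/coderd/tailnet.go
+++ b/coderd/tailnet.go
@@ -3,6 +3,7 @@ package coderd
 import (
 "bufio"
 "context"
+"crypto/tls"
 "net"
 "net/http"
 "net/http/httputil"
@@ -214,7 +215,22 @@ type ServerTailnet struct {
 transport *http.Transport
 }
 
+func insecureTLSConfig() *tls.Config {
+return &tls.Config{
+MinVersion: tls.VersionTLS12,
+InsecureSkipVerify: true,
+}
+}
+
 func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID uuid.UUID) (_ *httputil.ReverseProxy, release func(), _ error) {
+transport := s.transport
+
+// We don't verify certificates for localhost applications.
+if targetURL.Scheme == "https" {
+transport = transport.Clone()
+transport.TLSClientConfig = insecureTLSConfig()
+}
+
 proxy := httputil.NewSingleHostReverseProxy(targetURL)
 proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
 site.RenderStaticErrorPage(w, r, site.ErrorPageData{
@@ -226,7 +242,7 @@ func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID u
 })
 }
 proxy.Director = s.director(agentID, proxy.Director)
-proxy.Transport = s.transport
+proxy.Transport = transport
 
 return proxy, func() {}, nil
 }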
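Review bot: The new branch in `ReverseProxy` turns off certificate verification for every target whose scheme is `https`, while its comment limits the intent to localhost applications; nothing visible in the hunk checks that `targetURL` points at a loopback host. If the caller guarantees that (not visible here), record it in a doc comment on the helper, e.g. `// insecureTLSConfig skips certificate verification; it must only be used for apps served from inside the workspace.`, otherwise gate the branch on the host as well as the scheme. `transport.Clone()` also runs on each call and returns a transport with its own idle-connection pool, so if `ReverseProxy` is called per request it may be better to build the insecure clone once on `ServerTailnet` and reuse it. Part of the function body lies between the two hunks and is not shown.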

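--- a/coderd/wsconncache/wsconncache.go
+++ b/coderd/wsconncache/wsconncache.go
@@ -4,6 +4,7 @@ package wsconncache
 
 import (
 "context"
+"crypto/tls"
 "net/http"
 "net/http/httputil"
 "net/url"
@@ -49,8 +50,15 @@ func (a *AgentProvider) ReverseProxy(targetURL *url.URL, dashboardURL *url.URL,
 return nil, nil, xerrors.Errorf("acquire agent connection: %w", err)
 }
 
-proxy.Transport = conn.HTTPTransport()
+transport := conn.HTTPTransport()
+// We don't verify certificates for localhost applications.
+if targetURL.Scheme == "https" {
+trans := transport.Clone()
+trans.TLSClientConfig = insecureTLSConfig()
 
+}
+
+proxy.Transport = transport
 return proxy, release, nil
 }
 
@@ -211,3 +219,10 @@ func (c *Cache) Close() error {
 c.closeGroup.Wait()
 return nil
 }
+
+func insecureTLSConfig() *tls.Config {
+return &tls.Config{
+MinVersion: tls.VersionTLS12,
+InsecureSkipVerify: true,
+}
+}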
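Review bot: In `AgentProvider.ReverseProxy` the cloned transport is bound to a new variable `trans`, configured, and then discarded, because `proxy.Transport = transport` still assigns the unmodified value from `conn.HTTPTransport()`. The TLS config therefore never applies on this path, which presumably leaves https apps behind the connection cache failing verification and makes the two proxy paths behave differently. Reassign as coderd/tailnet.go does: `transport = transport.Clone()` then `transport.TLSClientConfig = insecureTLSConfig()`. `insecureTLSConfig` is also copied verbatim from coderd/tailnet.go; one shared helper with a doc comment stating when skipping verification is acceptable would keep this security-sensitive setting from drifting between packages. The start of `ReverseProxy` is outside the hunk.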
