
Commit 77f6c45

committed
feat: support localhost apps running https
1 parent 611fbd8 commit 77f6c45


2 files changed

+33
-2
lines changed


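--- a/coderd/tailnet.go
+++ b/coderd/tailnet.go
@@ -3,6 +3,7 @@ package coderd
 import (
 "bufio"
 "context"
+"crypto/tls"
 "net"
 "net/http"
 "net/http/httputil"
@@ -200,7 +201,22 @@ type ServerTailnet struct {
 transport *http.Transport
 }
 
+func insecureTLSConfig() *tls.Config {
+return &tls.Config{
+MinVersion: tls.VersionTLS12,
+InsecureSkipVerify: true,
+}
+}
+
 func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID uuid.UUID) (_ *httputil.ReverseProxy, release func(), _ error) {
+transport := s.transport
+
+// We don't verify certificates for localhost applications.
+if targetURL.Scheme == "https" {
+transport = transport.Clone()
+transport.TLSClientConfig = insecureTLSConfig()
+}
+
 proxy := httputil.NewSingleHostReverseProxy(targetURL)
 proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
 site.RenderStaticErrorPage(w, r, site.ErrorPageData{
@@ -212,7 +228,7 @@ func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID u
 })
 }
 proxy.Director = s.director(agentID, proxy.Director)
-proxy.Transport = s.transport
+proxy.Transport = transport
 
 return proxy, func() {}, nil
 }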
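Review bot: The `targetURL.Scheme == "https"` branch in ReverseProxy turns off certificate verification for every https target, while the comment above it limits that to localhost applications; nothing in the hunk checks the host. If targetURL can only ever name a port on the workspace's own loopback interface, state that on the helper, e.g. `// insecureTLSConfig disables certificate verification; use it only for apps on the workspace's own loopback interface.`; if other hosts are possible, the branch should be gated on the host as well. Separately, `transport.Clone()` runs on each ReverseProxy call and a cloned http.Transport keeps its own idle-connection pool, so if this method is called per request (not visible here) connections will not be reused. The middle of ReverseProxy lies between the second and third hunks and is not shown.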

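--- a/coderd/wsconncache/wsconncache.go
+++ b/coderd/wsconncache/wsconncache.go
@@ -4,6 +4,7 @@ package wsconncache
 
 import (
 "context"
+"crypto/tls"
 "net/http"
 "net/http/httputil"
 "net/url"
@@ -49,8 +50,15 @@ func (a *AgentProvider) ReverseProxy(targetURL *url.URL, dashboardURL *url.URL,
 return nil, nil, xerrors.Errorf("acquire agent connection: %w", err)
 }
 
-proxy.Transport = conn.HTTPTransport()
+transport := conn.HTTPTransport()
+// We don't verify certificates for localhost applications.
+if targetURL.Scheme == "https" {
+trans := transport.Clone()
+trans.TLSClientConfig = insecureTLSConfig()
 
+}
+
+proxy.Transport = transport
 return proxy, release, nil
 }
 
@@ -211,3 +219,10 @@ func (c *Cache) Close() error {
 c.closeGroup.Wait()
 return nil
 }
+
+func insecureTLSConfig() *tls.Config {
+return &tls.Config{
+MinVersion: tls.VersionTLS12,
+InsecureSkipVerify: true,
+}
+}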
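Review bot: The cloned transport in AgentProvider.ReverseProxy is never used: inside the `https` branch the clone is bound to a new local `trans`, and `proxy.Transport = transport` after the branch still assigns the unmodified value from `conn.HTTPTransport()`, so the `TLSClientConfig` set here has no effect on this path. Assign back to the existing variable as coderd/tailnet.go does: `transport = transport.Clone()` followed by `transport.TLSClientConfig = insecureTLSConfig()`. The code compiles either way because the field write counts as a use of `trans`, so a test that proxies to an `https` target with a self-signed certificate through this method is the way to catch it. ReverseProxy begins above the hunk, so how `proxy` is built is not visible here.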
