Closed stephdl closed 5 months ago
QA
we need to test to create a custom route (a reverse proxy) to another webserver using a self signed certificate
for example you have inside you local network a web server running a wordpress with a self signed certificate on 192.168.1.100
, you will create a custom route to forward web requests from a FQDN (foo.domain.com) or a Path (/foo) to https://192.168.1.100
Previously you needed to have a valid certificate (LE or paid certificate) with this works we could say to Traefik do not verify the certificate
target version
case 1 upgrade
by the CLI
or enable testing and use the UI
)hostname
(foo.domain.com
) and path
(test with ns8.domain.com/foo
)what to test:
can
use the web application resource with a self signed certificatecannot
use the web application resource with a self signed certificateFQDN
or Path
set)case 2 direct install
curl https://raw.githubusercontent.com/NethServer/ns8-core/main/core/install.sh > install.sh
bash +x install.sh ghcr.io/nethserver/core:2.2.8-dev.1 ghcr.io/nethserver/traefik:2.0.2-dev.2
hostname
(foo.domain.com
) and path
(test with ns8.domain.com/foo
)what to test:
can
use the web application resource with a self signed certificatecannot
use the web application resource with a self signed certificateFQDN
or Path
set)test case 1: verified
test case 2: verified
When we have some web servers in the local network, we could open only one time the tcp/80 and tcp/443 inside the firewall of the LAN. The common scenario is to use a reverse proxy (what Traefik is) and forward the request to an IP or FQDN . The concern is that if you use a web application with a self signed certificate then Traefik refuses to forward the request
Proposed solution
I propose to add a toggle to let the user decide if he can trust the self signed certificate or refuse to forward if the certificate is not validated by Traefik
Alternative solutions
no simple solutions for now, the alternative solution is actually disable the verification globally.
thank @DavidePrincipi for the idea of the feature