Unleash / unleash-proxy

Unleash Proxy is used to safely integrate frontend applications with Unleash in a secure and scalable way.
https://docs.getunleash.io/sdks/unleash-proxy
Apache License 2.0

Allow configuring the value for httpOptions.rejectUnauthorized via Environment variables #99

Closed vkbandi closed 1 year ago

vkbandi commented 2 years ago

When using the unleash proxy docker image, it is not possible to configure it to allow self-signed certificates. I have tried using the environment variables NODE_EXTRA_CA_CERTS and NODE_TLS_REJECT_UNAUTHORIZED; neither appears to stop the "request to https://gitlab.example.com/api/v4/feature_flags/unleash/000000/client/register failed, reason: self signed certificate in certificate chain" error.

The only workaround is to run the unleash proxy as a node js application and add httpOptions: { rejectUnauthorized: false } to the createApp configuration.

Example

const { createApp } = require('@unleash/proxy');

const app = createApp({
    unleashUrl: 'https://gitlab.example.com/api/v4/feature_flags/unleash/000000',
    unleashInstanceId: '0xx-0x0_xxXXXXX0_xx0',
    unleashApiToken: 'xxxxx-xxxxxxxxxxxxxxxxxx',
    unleashAppName: "example",
    clientKeys: ['some-secret'],
    proxyPort: 3000,
    // Disables TLS certificate verification for requests to unleashUrl
    httpOptions: { rejectUnauthorized: false },
});

If the value for httpOptions.rejectUnauthorized can be read from the Environment variables, then we can use the unleash proxy with the provided docker image

nunogois commented 2 years ago

Hi @vkbandi - Thanks for opening this issue! I'll reach out to the rest of the team and we'll get back to you 👍

ivarconr commented 1 year ago

Hi, in all node.js applications you can allow any self-signed certificates by setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0 (see official node.js docs).

How you would do this with docker then would be:

docker run \
   -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
   -e UNLEASH_PROXY_CLIENT_KEYS=some-secret \
   -e UNLEASH_URL=https://app.unleash-hosted.com/demo/api/ \
   -e UNLEASH_API_TOKEN=56907a2fa53c1d16101d509a10b78e36190b0f918d9f122d \
   -p 3000:3000 \
   unleashorg/unleash-proxy

vkbandi commented 1 year ago

Hi @ivarconr, thanks for replying. I tried setting NODE_TLS_REJECT_UNAUTHORIZED=0 in the docker environment variables and also creating a node js application to act as unleash proxy, but it never worked. Maybe I'm missing something here.

But the only config that worked is setting the httpOptions: { rejectUnauthorized: false } in the node js application.

ivarconr commented 1 year ago

I see. Maybe we need to support that as a configurable option then. Do you mind looking into a PR?

vkbandi commented 1 year ago

Sorry for the late reply, let me try to create a PR. It will take some time though.

vkbandi commented 1 year ago

Sorry for the delay, need a few more days to work on this.
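
One way the request in this thread (reading httpOptions.rejectUnauthorized from the environment) could be wired up, keeping verification on unless it is explicitly switched off. This is an added example, not code from the thread or from unleash-proxy; the variable name UNLEASH_HTTP_REJECT_UNAUTHORIZED and the helper httpOptionsFromEnv are hypothetical.

```javascript
// Added example: hypothetical helper, not part of unleash-proxy.
// UNLEASH_HTTP_REJECT_UNAUTHORIZED is an assumed variable name.
const ENV_NAME = 'UNLEASH_HTTP_REJECT_UNAUTHORIZED';
const TRUE_VALUES = new Set(['true', '1', 'yes', 'on']);
const FALSE_VALUES = new Set(['false', '0', 'no', 'off']);

// Returns { httpOptions, warnings }. Certificate verification stays on
// unless the variable is explicitly set to a recognised "false" value.
function httpOptionsFromEnv(env = process.env) {
    const raw = env[ENV_NAME];
    const warnings = [];
    let rejectUnauthorized = true; // secure default when unset or empty

    if (raw !== undefined && raw.trim() !== '') {
        const value = raw.trim().toLowerCase();
        if (FALSE_VALUES.has(value)) {
            rejectUnauthorized = false;
            warnings.push(
                `${ENV_NAME}=${raw}: TLS certificate verification is ` +
                'disabled for the upstream Unleash connection',
            );
        } else if (!TRUE_VALUES.has(value)) {
            // A typo such as "flase" stops startup instead of silently
            // choosing either behaviour.
            throw new Error(`${ENV_NAME} must be a boolean, got "${raw}"`);
        }
    }
    return { httpOptions: Object.freeze({ rejectUnauthorized }), warnings };
}

// Wiring, using the createApp call from the issue:
//   const { httpOptions, warnings } = httpOptionsFromEnv();
//   warnings.forEach((w) => console.warn(w));
//   const app = createApp({ /* unleashUrl, clientKeys, ... */ httpOptions });

// Constructed sample environment, not real deployment values.
console.log(httpOptionsFromEnv({ [ENV_NAME]: 'false' }));
```

Logging the warning at startup leaves a record in the container logs of any deployment that runs with verification turned off.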