andydunstall / piko

An open-source alternative to Ngrok, designed to serve production traffic and be simple to host (particularly on Kubernetes)
MIT License

Agent Upstream Service TLS Configuration #185

Open andydunstall opened 10 hours ago

andydunstall commented 10 hours ago

Add support for configuring how the agent connects to upstream services

Each listener should support tls configuration, which includes both root_cas and insecure_skip_verify configuration, such as:

listeners:
  - endpoint_id: my-endpoint
    addr: https://localhost:3000
    protocol: http
    tls:
      root_cas: my-ca.pem
      insecure_skip_verify: false

When using http protocol, the TLS configuration is passed to the HTTP client, so if the client connects using HTTPS it will use the given configuration.

Also support a tls protocol where the client is configured using the tls configuration. Validation should fail when configuring tls for the tcp protocol.

All other Piko TLS client configuration should also be extended to support insecure_skip_verify.

Also extend the agent configuration documentation to provide better examples.
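
An added sketch, not part of the issue and not Piko's code, of how the proposed per-listener tls block could be validated and turned into a Go `tls.Config`. The `Listener` and `ListenerTLS` types, their methods and the error strings are hypothetical; only the `root_cas`, `insecure_skip_verify` and protocol names come from the issue.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

// ListenerTLS mirrors the proposed tls block (hypothetical type, not Piko's).
type ListenerTLS struct {
	RootCAs            string // root_cas: PEM bundle path; empty = system roots
	InsecureSkipVerify bool   // insecure_skip_verify
}

// Listener is a hypothetical stand-in for one entry under listeners.
type Listener struct {
	Addr, Protocol string
	TLS            *ListenerTLS
}

// Validate rejects a tls block on a tcp listener.
func (l Listener) Validate() error {
	if l.Protocol == "tcp" && l.TLS != nil {
		return fmt.Errorf("tls configuration is not valid for tcp protocol")
	}
	return nil
}

// ClientConfig builds the tls.Config used to dial the upstream service.
func (t ListenerTLS) ClientConfig() (*tls.Config, error) {
	cfg := &tls.Config{InsecureSkipVerify: t.InsecureSkipVerify}
	if t.RootCAs == "" {
		return cfg, nil // nil RootCAs: Go verifies against the host's root set
	}
	pem, err := os.ReadFile(t.RootCAs)
	if err != nil {
		return nil, fmt.Errorf("read root_cas: %w", err)
	}
	// Fail closed: an unparsable bundle must not fall back to system roots.
	cfg.RootCAs = x509.NewCertPool()
	if !cfg.RootCAs.AppendCertsFromPEM(pem) {
		return nil, fmt.Errorf("root_cas %s: no certificates found", t.RootCAs)
	}
	return cfg, nil
}

func main() {
	l := Listener{Addr: "localhost:3000", Protocol: "tcp", TLS: &ListenerTLS{}}
	fmt.Println(l.Validate()) // constructed listener: tls on tcp is rejected
}
```

For the http protocol the returned config would be set as `TLSClientConfig` on the client's `http.Transport`; for the tls protocol it would be passed to `tls.Dial`.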