Open funkypenguin opened 6 years ago
@funkypenguin Have you tried -ssl-insecure-skip-verify
?
I think -ssl-insecure-skip-verify
, by changing the default http client, applies to the requests to the provider, but not to the proxy transport to the upstream/backend ... that's my guess due to #403 where @funkypenguin has already commented as well.
Correct, I've just re-tested, same issue applies as #403 (I'd forgotten I commented there)
My container:
/ # ps -ef | grep skip
1 root 0:00 oauth2_proxy -upstream=https://unifi:8443 -ssl-insecure-skip-verify=true -redirect-url=https://unifi.funkypenguin.co.nz -http-address=http://0.0.0.0:4180 -email-domain=funkypenguin.co.nz -provider=github -authenticated-emails-file=/authenticated-emails.txt -ssl-insecure-skip-verify
My logs
unifi_proxy.1.w9b26eggyoa7@ds2.funkypenguin.co.nz | 2017/12/21 08:04:40 reverseproxy.go:316: http: proxy error: x509: certificate signed by unknown authority
Hey folks,
I'm trying to use oauth2_proxy to protect the admin interface of a UniFi Controller UI. The UniFi controller uses its own, self-signed cert to provide HTTPS access. Changing the cert is very hard, since you'd have to change the contents of the java bundle used to provide the controller.
Oauth2_proxy is refusing to proxy to the upstream controller, with a message like this:
Any ideas re how I can make this work?
Thanks! D