Certificate errors in proxy when upstream is protected by TLS

buzzfeed / sso

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

MIT License

3.07k stars 187 forks source link

Certificate errors in proxy when upstream is protected by TLS #265

Closed rafaelmagu closed 4 years ago

rafaelmagu commented 4 years ago

I'm getting http: proxy error: x509: certificate has expired or is not yet valid in the logs when trying to proxy to an upstream with a self-signed certificate, despite adding tls_verify: false to the options block of the upstream in upstream_configs.yml.

I'm almost certain this is, in fact, a misconfiguration from my point of view, so I'd like to ask for clarification as to how to ensure TLS cert is not verified for a specific upstream.

rafaelmagu commented 4 years ago

Figured it out: tls_verify: false isn't a valid option. tls_skip_verify: true is the correct flag.