Revert ignoring ssl proxy errors, doesn't make a difference

2024-08-30 18:22:48 +00:00 · 2018-12-13 14:16:21 +10:00 · 2018-12-13 14:16:21 +10:00 · 2657bcf30c
commit 2657bcf30c
parent 86ad7d6238
7 changed files with 25 additions and 73 deletions
--- a/src/backend/internal/proxy-host.js
+++ b/src/backend/internal/proxy-host.js
@ -48,11 +48,6 @@ const internalProxyHost = {
                // At this point the domains should have been checked
                data.owner_user_id = access.token.getUserId(1);

-                // Ignoring upstream ssl errors only applies when upstream scheme is https
-                if (data.forward_scheme === 'http') {
-                    data.ignore_invalid_upstream_ssl = false;
-                }
-
                return proxyHostModel
                    .query()
                    .omit(omissions())
@ -170,11 +165,6 @@ const internalProxyHost = {
                    domain_names: row.domain_names
                }, data);

-                // Ignoring upstream ssl errors only applies when upstream scheme is https
-                if (typeof data.forward_scheme !== 'undefined' && data.forward_scheme === 'http') {
-                    data.ignore_invalid_upstream_ssl = false;
-                }
-
                return proxyHostModel
                    .query()
                    .where({id: data.id})
--- a/src/backend/migrations/20181213013211_forward_scheme.js
+++ b/src/backend/migrations/20181213013211_forward_scheme.js
@ -17,7 +17,6 @@ exports.up = function (knex/*, Promise*/) {

    return knex.schema.table('proxy_host', function (proxy_host) {
        proxy_host.string('forward_scheme').notNull().defaultTo('http');
-        proxy_host.integer('ignore_invalid_upstream_ssl').notNull().unsigned().defaultTo(0);
    })
        .then(() => {
            logger.info('[' + migrate_name + '] proxy_host Table altered');
--- a/src/backend/schema/endpoints/proxy-hosts.json
+++ b/src/backend/schema/endpoints/proxy-hosts.json
@ -52,11 +52,6 @@
      "example": true,
      "type": "boolean"
    },
-    "ignore_invalid_upstream_ssl": {
-      "description": "Ignore invalid upstream SSL certificates",
-      "example": true,
-      "type": "boolean"
-    },
    "access_list_id": {
      "$ref": "../definitions.json#/definitions/access_list_id"
    },
@ -107,9 +102,6 @@
    "allow_websocket_upgrade": {
      "$ref": "#/definitions/allow_websocket_upgrade"
    },
-    "ignore_invalid_upstream_ssl": {
-      "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-    },
    "access_list_id": {
      "$ref": "#/definitions/access_list_id"
    },
@ -188,9 +180,6 @@
          "allow_websocket_upgrade": {
            "$ref": "#/definitions/allow_websocket_upgrade"
          },
-          "ignore_invalid_upstream_ssl": {
-            "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-          },
          "access_list_id": {
            "$ref": "#/definitions/access_list_id"
          },
@ -252,9 +241,6 @@
          "allow_websocket_upgrade": {
            "$ref": "#/definitions/allow_websocket_upgrade"
          },
-          "ignore_invalid_upstream_ssl": {
-            "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-          },
          "access_list_id": {
            "$ref": "#/definitions/access_list_id"
          },
--- a/src/backend/templates/proxy_host.conf
+++ b/src/backend/templates/proxy_host.conf
@ -23,11 +23,11 @@ server {

 {% include "_forced_ssl.conf" %}

-   {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
-   proxy_set_header Upgrade $http_upgrade;
-   proxy_set_header Connection "upgrade";
-   proxy_http_version 1.1;
-   {% endif %}
+    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_http_version 1.1;
+    {% endif %}

    # Proxy!
    include conf.d/include/proxy.conf;
--- a/src/frontend/js/app/nginx/proxy/form.ejs
+++ b/src/frontend/js/app/nginx/proxy/form.ejs
@ -59,7 +59,7 @@
                                </label>
                            </div>
                        </div>
-                        <div class="col-sm-6 col-md-6">
+                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@ -69,16 +69,6 @@
                            </div>
                        </div>

-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="ignore_invalid_upstream_ssl" value="1"<%- ignore_invalid_upstream_ssl ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'ignore-invalid-upstream-ssl') %></span>
-                                </label>
-                            </div>
-                        </div>
-
                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'access-list') %></label>
--- a/src/frontend/js/app/nginx/proxy/form.js
+++ b/src/frontend/js/app/nginx/proxy/form.js
@ -27,19 +27,10 @@ module.exports = Mn.View.extend({
        ssl_forced:         'input[name="ssl_forced"]',
        http2_support:      'input[name="http2_support"]',
        forward_scheme:     'select[name="forward_scheme"]',
-        ignore_ssl:         'input[name="ignore_invalid_upstream_ssl"]',
        letsencrypt:        '.letsencrypt'
    },

    events: {
-        'change @ui.forward_scheme': function () {
-            let val = this.ui.forward_scheme.val();
-            this.ui.ignore_ssl
-                .prop('disabled', val === 'http')
-                .parents('.form-group')
-                .css('opacity', val === 'https' ? 1 : 0.5);
-        },
-
        'change @ui.certificate_select': function () {
            let id = this.ui.certificate_select.val();
            if (id === 'new') {
@ -71,7 +62,6 @@ module.exports = Mn.View.extend({
            data.block_exploits              = !!data.block_exploits;
            data.caching_enabled             = !!data.caching_enabled;
            data.allow_websocket_upgrade     = !!data.allow_websocket_upgrade;
-            data.ignore_invalid_upstream_ssl = data.forward_scheme === 'https' ? !!data.ignore_invalid_upstream_ssl : false;

            if (typeof data.ssl_forced !== 'undefined' && data.ssl_forced === '1') {
                data.ssl_forced = true;
@ -215,8 +205,6 @@ module.exports = Mn.View.extend({
                view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
            }
        });
-
-        this.ui.forward_scheme.trigger('change');
    },

    initialize: function (options) {
--- a/src/frontend/js/models/proxy-host.js
+++ b/src/frontend/js/models/proxy-host.js
@ -7,27 +7,26 @@ const model = Backbone.Model.extend({

    defaults: function () {
        return {
-            id:                          undefined,
-            created_on:                  null,
-            modified_on:                 null,
-            domain_names:                [],
-            forward_scheme:              'http',
-            forward_host:                '',
-            forward_port:                null,
-            access_list_id:              0,
-            certificate_id:              0,
-            ssl_forced:                  false,
-            caching_enabled:             false,
-            allow_websocket_upgrade:     false,
-            block_exploits:              false,
-            http2_support:               false,
-            ignore_invalid_upstream_ssl: false,
-            advanced_config:             '',
-            meta:                        {},
+            id:                      undefined,
+            created_on:              null,
+            modified_on:             null,
+            domain_names:            [],
+            forward_scheme:          'http',
+            forward_host:            '',
+            forward_port:            null,
+            access_list_id:          0,
+            certificate_id:          0,
+            ssl_forced:              false,
+            caching_enabled:         false,
+            allow_websocket_upgrade: false,
+            block_exploits:          false,
+            http2_support:           false,
+            advanced_config:         '',
+            meta:                    {},
            // The following are expansions:
-            owner:                       null,
-            access_list:                 null,
-            certificate:                 null
+            owner:                   null,
+            access_list:             null,
+            certificate:             null
        };
    }
 });