From 2657bcf30c0b81c66c787f7978b47e1ec3421761 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 13 Dec 2018 14:16:21 +1000 Subject: [PATCH] Revert ignoring ssl proxy errors, doesn't make a difference --- src/backend/internal/proxy-host.js | 10 ----- .../20181213013211_forward_scheme.js | 1 - src/backend/schema/endpoints/proxy-hosts.json | 14 ------- src/backend/templates/proxy_host.conf | 10 ++--- src/frontend/js/app/nginx/proxy/form.ejs | 12 +----- src/frontend/js/app/nginx/proxy/form.js | 12 ------ src/frontend/js/models/proxy-host.js | 39 +++++++++---------- 7 files changed, 25 insertions(+), 73 deletions(-) diff --git a/src/backend/internal/proxy-host.js b/src/backend/internal/proxy-host.js index 407b01ae..1946427b 100644 --- a/src/backend/internal/proxy-host.js +++ b/src/backend/internal/proxy-host.js @@ -48,11 +48,6 @@ const internalProxyHost = { // At this point the domains should have been checked data.owner_user_id = access.token.getUserId(1); - // Ignoring upstream ssl errors only applies when upstream scheme is https - if (data.forward_scheme === 'http') { - data.ignore_invalid_upstream_ssl = false; - } - return proxyHostModel .query() .omit(omissions()) @@ -170,11 +165,6 @@ const internalProxyHost = { domain_names: row.domain_names }, data); - // Ignoring upstream ssl errors only applies when upstream scheme is https - if (typeof data.forward_scheme !== 'undefined' && data.forward_scheme === 'http') { - data.ignore_invalid_upstream_ssl = false; - } - return proxyHostModel .query() .where({id: data.id}) diff --git a/src/backend/migrations/20181213013211_forward_scheme.js b/src/backend/migrations/20181213013211_forward_scheme.js index 6b74a4de..e68cecd1 100644 --- a/src/backend/migrations/20181213013211_forward_scheme.js +++ b/src/backend/migrations/20181213013211_forward_scheme.js @@ -17,7 +17,6 @@ exports.up = function (knex/*, Promise*/) { return knex.schema.table('proxy_host', function (proxy_host) { proxy_host.string('forward_scheme').notNull().defaultTo('http'); - proxy_host.integer('ignore_invalid_upstream_ssl').notNull().unsigned().defaultTo(0); }) .then(() => { logger.info('[' + migrate_name + '] proxy_host Table altered'); diff --git a/src/backend/schema/endpoints/proxy-hosts.json b/src/backend/schema/endpoints/proxy-hosts.json index 3f457ef7..ae8a1a52 100644 --- a/src/backend/schema/endpoints/proxy-hosts.json +++ b/src/backend/schema/endpoints/proxy-hosts.json @@ -52,11 +52,6 @@ "example": true, "type": "boolean" }, - "ignore_invalid_upstream_ssl": { - "description": "Ignore invalid upstream SSL certificates", - "example": true, - "type": "boolean" - }, "access_list_id": { "$ref": "../definitions.json#/definitions/access_list_id" }, @@ -107,9 +102,6 @@ "allow_websocket_upgrade": { "$ref": "#/definitions/allow_websocket_upgrade" }, - "ignore_invalid_upstream_ssl": { - "$ref": "#/definitions/ignore_invalid_upstream_ssl" - }, "access_list_id": { "$ref": "#/definitions/access_list_id" }, @@ -188,9 +180,6 @@ "allow_websocket_upgrade": { "$ref": "#/definitions/allow_websocket_upgrade" }, - "ignore_invalid_upstream_ssl": { - "$ref": "#/definitions/ignore_invalid_upstream_ssl" - }, "access_list_id": { "$ref": "#/definitions/access_list_id" }, @@ -252,9 +241,6 @@ "allow_websocket_upgrade": { "$ref": "#/definitions/allow_websocket_upgrade" }, - "ignore_invalid_upstream_ssl": { - "$ref": "#/definitions/ignore_invalid_upstream_ssl" - }, "access_list_id": { "$ref": "#/definitions/access_list_id" }, diff --git a/src/backend/templates/proxy_host.conf b/src/backend/templates/proxy_host.conf index 911fb3cc..af89834d 100644 --- a/src/backend/templates/proxy_host.conf +++ b/src/backend/templates/proxy_host.conf @@ -23,11 +23,11 @@ server { {% include "_forced_ssl.conf" %} - {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - {% endif %} + {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_http_version 1.1; + {% endif %} # Proxy! include conf.d/include/proxy.conf; diff --git a/src/frontend/js/app/nginx/proxy/form.ejs b/src/frontend/js/app/nginx/proxy/form.ejs index 6cda34fa..1cc13b5e 100644 --- a/src/frontend/js/app/nginx/proxy/form.ejs +++ b/src/frontend/js/app/nginx/proxy/form.ejs @@ -59,7 +59,7 @@ -
+
-
-
- -
-
-
diff --git a/src/frontend/js/app/nginx/proxy/form.js b/src/frontend/js/app/nginx/proxy/form.js index 89410e34..19cf2791 100644 --- a/src/frontend/js/app/nginx/proxy/form.js +++ b/src/frontend/js/app/nginx/proxy/form.js @@ -27,19 +27,10 @@ module.exports = Mn.View.extend({ ssl_forced: 'input[name="ssl_forced"]', http2_support: 'input[name="http2_support"]', forward_scheme: 'select[name="forward_scheme"]', - ignore_ssl: 'input[name="ignore_invalid_upstream_ssl"]', letsencrypt: '.letsencrypt' }, events: { - 'change @ui.forward_scheme': function () { - let val = this.ui.forward_scheme.val(); - this.ui.ignore_ssl - .prop('disabled', val === 'http') - .parents('.form-group') - .css('opacity', val === 'https' ? 1 : 0.5); - }, - 'change @ui.certificate_select': function () { let id = this.ui.certificate_select.val(); if (id === 'new') { @@ -71,7 +62,6 @@ module.exports = Mn.View.extend({ data.block_exploits = !!data.block_exploits; data.caching_enabled = !!data.caching_enabled; data.allow_websocket_upgrade = !!data.allow_websocket_upgrade; - data.ignore_invalid_upstream_ssl = data.forward_scheme === 'https' ? !!data.ignore_invalid_upstream_ssl : false; if (typeof data.ssl_forced !== 'undefined' && data.ssl_forced === '1') { data.ssl_forced = true; @@ -215,8 +205,6 @@ module.exports = Mn.View.extend({ view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id')); } }); - - this.ui.forward_scheme.trigger('change'); }, initialize: function (options) { diff --git a/src/frontend/js/models/proxy-host.js b/src/frontend/js/models/proxy-host.js index 41e45d05..b8dfdf35 100644 --- a/src/frontend/js/models/proxy-host.js +++ b/src/frontend/js/models/proxy-host.js @@ -7,27 +7,26 @@ const model = Backbone.Model.extend({ defaults: function () { return { - id: undefined, - created_on: null, - modified_on: null, - domain_names: [], - forward_scheme: 'http', - forward_host: '', - forward_port: null, - access_list_id: 0, - certificate_id: 0, - ssl_forced: false, - caching_enabled: false, - allow_websocket_upgrade: false, - block_exploits: false, - http2_support: false, - ignore_invalid_upstream_ssl: false, - advanced_config: '', - meta: {}, + id: undefined, + created_on: null, + modified_on: null, + domain_names: [], + forward_scheme: 'http', + forward_host: '', + forward_port: null, + access_list_id: 0, + certificate_id: 0, + ssl_forced: false, + caching_enabled: false, + allow_websocket_upgrade: false, + block_exploits: false, + http2_support: false, + advanced_config: '', + meta: {}, // The following are expansions: - owner: null, - access_list: null, - certificate: null + owner: null, + access_list: null, + certificate: null }; } });