Loadbalancer reverse-proxy: SSL backend skip CA certificate verification
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	Embezzle
	Mon, Apr 15, 10:25 AM

Description

Add the ability for the reverse-proxy to connect via SSL to backends with self-signed certificates.
To do this would require an additional option in the VyOS config, which would in turn set ssl verify none in the HAProxy configuration.

Example of VyOS configuration:

set load-balancing reverse-proxy backend bk-default ssl no-verify

Example of how this would be rendered in HAProxy configuration:

server bk-01 127.0.0.1:9090 ssl verify none

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Event Timeline

Embezzle created this task.Mon, Apr 15, 10:25 AM

pasik added a subscriber: pasik.Mon, Apr 15, 11:44 AM

Embezzle claimed this task.Mon, Apr 15, 12:07 PM

Viacheslav triaged this task as Wishlist priority.Mon, Apr 15, 1:58 PM

PR: https://github.com/vyos/vyos-1x/pull/3315

Viacheslav changed the task status from Open to Needs testing.Tue, Apr 16, 7:20 PM

Tested as working in: VyOS 1.5-rolling-202404190019

Viacheslav added a project: VyOS 1.4 Sagitta (1.4.0-epa3).Sat, Apr 20, 2:54 AM

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.

Loadbalancer reverse-proxy: SSL backend skip CA certificate verificationClosed, ResolvedPublicFEATURE REQUESTActions

Description

Details

Event Timeline

Loadbalancer reverse-proxy: SSL backend skip CA certificate verification
Closed, ResolvedPublicFEATURE REQUEST
Actions