proxy: support certificate authority to verify server (#49)

2025-05-31 09:57:17 +02:00 · 2019-02-18 09:58:05 -08:00 · 2019-02-18 09:58:05 -08:00 · 7b1e832b45
commit 7b1e832b45
parent ede412448a
6 changed files with 50 additions and 7 deletions
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@ -37,6 +37,8 @@ type Options struct {
 	AuthenticateInternalAddr string   `envconfig:"AUTHENTICATE_INTERNAL_URL"`
 	OverrideCertificateName  string   `envconfig:"OVERRIDE_CERTIFICATE_NAME"`
 	AuthenticatePort         int      `envconfig:"AUTHENTICATE_SERVICE_PORT"`
+	CA                       string   `envconfig:"CERTIFICATE_AUTHORITY"`
+	CAFile                   string   `envconfig:"CERTIFICATE_AUTHORITY_FILE"`

 	// SigningKey is a base64 encoded private key used to add a JWT-signature to proxied requests.
 	// See : https://www.pomerium.io/guide/signed-headers.html
@ -207,6 +209,8 @@ func New(opts *Options) (*Proxy, error) {
 			OverrideCertificateName: opts.OverrideCertificateName,
 			SharedSecret:            opts.SharedKey,
 			Port:                    opts.AuthenticatePort,
+			CA:                      opts.CA,
+			CAFile:                  opts.CAFile,
 		})
 	return p, nil
 }