insecure_skip_verify for upstream

Question

insecure_skip_verify for upstream

Opened this issue 5 months ago · 0 comments

wei840222 commented 5 months ago

Preflight checklist

I could not find a solution in the existing issues, docs, nor discussions.
I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines.
I have joined the Ory Community Slack.
I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe your problem

In the company's own Kubernetes cluster, some applications such as Kibana use self-signed CA certificates to host HTTPS services. Since the environment is not public to the Internet, I want to directly trust these self-hosted HTTPS services.

Describe your ideal solution

add InsecureSkipVerify option in here https://github.com/ory/oathkeeper/blob/master/proxy/proxy.go#L77.

http.Transport{
  TLSClientConfig: &tls.Config{
    InsecureSkipVerify: true, // in cluster server certificate is not trusted.
}

Workarounds or alternatives

https://github.com/ory/oathkeeper/pull/1197/files

Version

v0.40.7

Additional Context

No response