Revert ignoring ssl proxy errors, doesn't make a difference

jc21 · jc21 · commit 2657bcf30c0b · 2018-12-13T14:16:21.000+10:00
diff --git a/src/backend/internal/proxy-host.js b/src/backend/internal/proxy-host.js
@@ -48,11 +48,6 @@ const internalProxyHost = {
                 // At this point the domains should have been checked
                 data.owner_user_id = access.token.getUserId(1);
 
-                // Ignoring upstream ssl errors only applies when upstream scheme is https
-                if (data.forward_scheme === 'http') {
-                    data.ignore_invalid_upstream_ssl = false;
-                }
-
                 return proxyHostModel
                     .query()
                     .omit(omissions())
@@ -170,11 +165,6 @@ const internalProxyHost = {
                     domain_names: row.domain_names
                 }, data);
 
-                // Ignoring upstream ssl errors only applies when upstream scheme is https
-                if (typeof data.forward_scheme !== 'undefined' && data.forward_scheme === 'http') {
-                    data.ignore_invalid_upstream_ssl = false;
-                }
-
                 return proxyHostModel
                     .query()
                     .where({id: data.id})
diff --git a/src/backend/migrations/20181213013211_forward_scheme.js b/src/backend/migrations/20181213013211_forward_scheme.js
@@ -17,7 +17,6 @@ exports.up = function (knex/*, Promise*/) {
 
     return knex.schema.table('proxy_host', function (proxy_host) {
         proxy_host.string('forward_scheme').notNull().defaultTo('http');
-        proxy_host.integer('ignore_invalid_upstream_ssl').notNull().unsigned().defaultTo(0);
     })
         .then(() => {
             logger.info('[' + migrate_name + '] proxy_host Table altered');
diff --git a/src/backend/schema/endpoints/proxy-hosts.json b/src/backend/schema/endpoints/proxy-hosts.json
@@ -52,11 +52,6 @@
       "example": true,
       "type": "boolean"
     },
-    "ignore_invalid_upstream_ssl": {
-      "description": "Ignore invalid upstream SSL certificates",
-      "example": true,
-      "type": "boolean"
-    },
     "access_list_id": {
       "$ref": "../definitions.json#/definitions/access_list_id"
     },
@@ -107,9 +102,6 @@
     "allow_websocket_upgrade": {
       "$ref": "#/definitions/allow_websocket_upgrade"
     },
-    "ignore_invalid_upstream_ssl": {
-      "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-    },
     "access_list_id": {
       "$ref": "#/definitions/access_list_id"
     },
@@ -188,9 +180,6 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
-          "ignore_invalid_upstream_ssl": {
-            "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
@@ -252,9 +241,6 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
-          "ignore_invalid_upstream_ssl": {
-            "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
diff --git a/src/backend/templates/proxy_host.conf b/src/backend/templates/proxy_host.conf
@@ -23,11 +23,11 @@ server {
 
 {% include "_forced_ssl.conf" %}
 
-   {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
-   proxy_set_header Upgrade $http_upgrade;
-   proxy_set_header Connection "upgrade";
-   proxy_http_version 1.1;
-   {% endif %}
+    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_http_version 1.1;
+    {% endif %}
 
     # Proxy!
     include conf.d/include/proxy.conf;
diff --git a/src/frontend/js/app/nginx/proxy/form.ejs b/src/frontend/js/app/nginx/proxy/form.ejs
@@ -59,7 +59,7 @@
                                 </label>
                             </div>
                         </div>
-                        <div class="col-sm-6 col-md-6">
+                        <div class="col-sm-12 col-md-12">
                             <div class="form-group">
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@@ -69,16 +69,6 @@
                             </div>
                         </div>
 
-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="ignore_invalid_upstream_ssl" value="1"<%- ignore_invalid_upstream_ssl ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'ignore-invalid-upstream-ssl') %></span>
-                                </label>
-                            </div>
-                        </div>
-
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
                                 <label class="form-label"><%- i18n('proxy-hosts', 'access-list') %></label>
diff --git a/src/frontend/js/app/nginx/proxy/form.js b/src/frontend/js/app/nginx/proxy/form.js
@@ -27,19 +27,10 @@ module.exports = Mn.View.extend({
         ssl_forced:         'input[name="ssl_forced"]',
         http2_support:      'input[name="http2_support"]',
         forward_scheme:     'select[name="forward_scheme"]',
-        ignore_ssl:         'input[name="ignore_invalid_upstream_ssl"]',
         letsencrypt:        '.letsencrypt'
     },
 
     events: {
-        'change @ui.forward_scheme': function () {
-            let val = this.ui.forward_scheme.val();
-            this.ui.ignore_ssl
-                .prop('disabled', val === 'http')
-                .parents('.form-group')
-                .css('opacity', val === 'https' ? 1 : 0.5);
-        },
-
         'change @ui.certificate_select': function () {
             let id = this.ui.certificate_select.val();
             if (id === 'new') {
@@ -71,7 +62,6 @@ module.exports = Mn.View.extend({
             data.block_exploits              = !!data.block_exploits;
             data.caching_enabled             = !!data.caching_enabled;
             data.allow_websocket_upgrade     = !!data.allow_websocket_upgrade;
-            data.ignore_invalid_upstream_ssl = data.forward_scheme === 'https' ? !!data.ignore_invalid_upstream_ssl : false;
 
             if (typeof data.ssl_forced !== 'undefined' && data.ssl_forced === '1') {
                 data.ssl_forced = true;
@@ -215,8 +205,6 @@ module.exports = Mn.View.extend({
                 view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
             }
         });
-
-        this.ui.forward_scheme.trigger('change');
     },
 
     initialize: function (options) {
diff --git a/src/frontend/js/models/proxy-host.js b/src/frontend/js/models/proxy-host.js
@@ -7,27 +7,26 @@ const model = Backbone.Model.extend({
 
     defaults: function () {
         return {
-            id:                          undefined,
-            created_on:                  null,
-            modified_on:                 null,
-            domain_names:                [],
-            forward_scheme:              'http',
-            forward_host:                '',
-            forward_port:                null,
-            access_list_id:              0,
-            certificate_id:              0,
-            ssl_forced:                  false,
-            caching_enabled:             false,
-            allow_websocket_upgrade:     false,
-            block_exploits:              false,
-            http2_support:               false,
-            ignore_invalid_upstream_ssl: false,
-            advanced_config:             '',
-            meta:                        {},
+            id:                      undefined,
+            created_on:              null,
+            modified_on:             null,
+            domain_names:            [],
+            forward_scheme:          'http',
+            forward_host:            '',
+            forward_port:            null,
+            access_list_id:          0,
+            certificate_id:          0,
+            ssl_forced:              false,
+            caching_enabled:         false,
+            allow_websocket_upgrade: false,
+            block_exploits:          false,
+            http2_support:           false,
+            advanced_config:         '',
+            meta:                    {},
             // The following are expansions:
-            owner:                       null,
-            access_list:                 null,
-            certificate:                 null
+            owner:                   null,
+            access_list:             null,
+            certificate:             null
         };
     }
 });
