
Adds the option to skip TLS verification for a Gotify instance (#544)

tammert committed May 22, 2020
1 parent 10fd81a commit dccdf708a9dda00f1932d4138ca759a0c4db50af
Showing with 33 additions and 12 deletions.
  1. +2 −0 docs/notifications.md
  2. +10 −4 internal/flags/flags.go
  3. +1 −1 pkg/api/api.go
  4. +20 −7 pkg/notifications/gotify.go
@@ -170,6 +170,8 @@ docker run -d \
containrrr/watchtower
```

If you want to disable TLS verification for the Gotify instance, you can use either `-e WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true` or `--notification-gotify-tls-skip-verify`.

### [containrrr/shoutrrr](https://github.com/containrrr/shoutrrr)

To send notifications via shoutrrr, the following command-line options, or their corresponding environment variables, can be set:
@@ -183,10 +183,8 @@ func RegisterNotificationFlags(rootCmd *cobra.Command) {
"notification-email-server-tls-skip-verify",
"",
viper.GetBool("WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY"),
`
Controls whether watchtower verifies the SMTP server's certificate chain and host name.
Should only be used for testing.
`)
`Controls whether watchtower verifies the SMTP server's certificate chain and host name.
Should only be used for testing.`)

flags.StringP(
"notification-email-server-user",
@@ -253,12 +251,20 @@ Should only be used for testing.
"",
viper.GetString("WATCHTOWER_NOTIFICATION_GOTIFY_URL"),
"The Gotify URL to send notifications to")

flags.StringP(
"notification-gotify-token",
"",
viper.GetString("WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN"),
"The Gotify Application required to query the Gotify API")

flags.BoolP(
"notification-gotify-tls-skip-verify",
"",
viper.GetBool("WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY"),
`Controls whether watchtower verifies the Gotify server's certificate chain and host name.
Should only be used for testing.`)

flags.StringP(
"notification-template",
"",
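Review bot: The help text added for `notification-gotify-tls-skip-verify` reads "Controls whether watchtower verifies …", which does not say that setting the flag turns verification off. State the direction and the consequence, for example `Disables verification of the Gotify server's certificate chain and host name, so the server's identity is no longer checked. Should only be used for testing.` The email flag in the first hunk of this file uses the same ambiguous wording and could be changed the same way. RegisterNotificationFlags starts and ends outside the hunks shown.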
@@ -18,7 +18,7 @@ func init() {
lock <- true
}

// SetupHTTPUpdates configures the endopint needed for triggering updates via http
// SetupHTTPUpdates configures the endpoint needed for triggering updates via http
func SetupHTTPUpdates(apiToken string, updateFunction func()) error {
if apiToken == "" {
return errors.New("api token is empty or has not been set. not starting api")
@@ -2,6 +2,7 @@ package notifications

import (
"bytes"
"crypto/tls"
"encoding/json"
"fmt"
"net/http"
@@ -17,9 +18,10 @@ const (
)

type gotifyTypeNotifier struct {
gotifyURL string
gotifyAppToken string
logLevels []log.Level
gotifyURL string
gotifyAppToken string
gotifyInsecureSkipVerify bool
logLevels []log.Level
}

func newGotifyNotifier(c *cobra.Command, acceptedLogLevels []log.Level) t.Notifier {
@@ -39,10 +41,13 @@ func newGotifyNotifier(c *cobra.Command, acceptedLogLevels []log.Level) t.Notifi
log.Fatal("Required argument --notification-gotify-token(cli) or WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN(env) is empty.")
}

gotifyInsecureSkipVerify, _ := flags.GetBool("notification-gotify-tls-skip-verify")

n := &gotifyTypeNotifier{
gotifyURL: gotifyURL,
gotifyAppToken: gotifyToken,
logLevels: acceptedLogLevels,
gotifyURL: gotifyURL,
gotifyAppToken: gotifyToken,
gotifyInsecureSkipVerify: gotifyInsecureSkipVerify,
logLevels: acceptedLogLevels,
}

log.AddHook(n)
@@ -79,8 +84,16 @@ func (n *gotifyTypeNotifier) Fire(entry *log.Entry) error {
return
}

// Explicitly define the client so we can set InsecureSkipVerify to the desired value.
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: n.gotifyInsecureSkipVerify,
},
},
}
jsonBodyBuffer := bytes.NewBuffer([]byte(jsonBody))
resp, err := http.Post(n.getURL(), "application/json", jsonBodyBuffer)
resp, err := client.Post(n.getURL(), "application/json", jsonBodyBuffer)
if err != nil {
fmt.Println("Failed to send Gotify notification: ", err)
return
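Review bot: The client added in Fire is rebuilt for every log entry around a bare `http.Transport`, so it drops the `http.DefaultTransport` defaults (proxy from environment, dial and TLS-handshake timeouts), reuses no connections between notifications, and has no overall request timeout. Building it once in newGotifyNotifier from a clone of the default transport keeps those defaults and changes only the TLS setting. In that constructor the error from `flags.GetBool` is discarded, and nothing is logged when verification is off, even though the Gotify application token (presumably carried by the request that `getURL()` builds) is then sent to a server whose identity is not checked. A startup warning makes that state visible to operators. Both functions start and end outside the hunks, so the sketch shows only the changed lines; `Transport.Clone` needs Go 1.13 or later.

```go
type gotifyTypeNotifier struct {
	// … unchanged: gotifyURL, gotifyAppToken, logLevels …
	client *http.Client // built once; replaces gotifyInsecureSkipVerify
}

// newGotifyNotifier: … unchanged: URL and token validation …
gotifyInsecureSkipVerify, err := flags.GetBool("notification-gotify-tls-skip-verify")
if err != nil {
	log.Fatal(err)
}
if gotifyInsecureSkipVerify {
	log.Warn("TLS verification is disabled for Gotify notifications; use for testing only")
}

// Start from the default transport so proxy and timeout defaults are kept.
transport := http.DefaultTransport.(*http.Transport).Clone()
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: gotifyInsecureSkipVerify}

n := &gotifyTypeNotifier{
	// … unchanged: gotifyURL, gotifyAppToken, logLevels …
	client: &http.Client{Transport: transport},
}

// Fire: … unchanged: JSON body construction …
resp, err := n.client.Post(n.getURL(), "application/json", jsonBodyBuffer)
```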
