Added -registry.consul.register.tlsskipverify flag

When serving the UI/API over HTTPS, the fabio consul health check fails as it's trying to connect to the page over its IP. Most certificates don't include IP SANs. This flag allows users to toggle whether or not to skip TLS verification of this particular check.
fabiolb · Apr 21, 2017 · 402ce99 · 402ce99
1 parent 993e448
commit 402ce99
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 27 deletions.
diff --git a/config/config.go b/config/config.go
@@ -106,17 +106,18 @@ type File struct {
 }
 
 type Consul struct {
-	Addr          string
-	Scheme        string
-	Token         string
-	KVPath        string
-	TagPrefix     string
-	Register      bool
-	ServiceAddr   string
-	ServiceName   string
-	ServiceTags   []string
-	ServiceStatus []string
-	CheckInterval time.Duration
-	CheckTimeout  time.Duration
-	CheckScheme   string
+	Addr                 string
+	Scheme               string
+	Token                string
+	KVPath               string
+	TagPrefix            string
+	Register             bool
+	ServiceAddr          string
+	ServiceName          string
+	ServiceTLSSkipVerify bool
+	ServiceTags          []string
+	ServiceStatus        []string
+	CheckInterval        time.Duration
+	CheckTimeout         time.Duration
+	CheckScheme          string
 }
diff --git a/config/default.go b/config/default.go
@@ -43,17 +43,18 @@ var defaultConfig = &Config{
 	Registry: Registry{
 		Backend: "consul",
 		Consul: Consul{
-			Addr:          "localhost:8500",
-			Scheme:        "http",
-			KVPath:        "/fabio/config",
-			TagPrefix:     "urlprefix-",
-			Register:      true,
-			ServiceAddr:   ":9998",
-			ServiceName:   "fabio",
-			ServiceStatus: []string{"passing"},
-			CheckInterval: time.Second,
-			CheckTimeout:  3 * time.Second,
-			CheckScheme:   "http",
+			Addr:                 "localhost:8500",
+			Scheme:               "http",
+			KVPath:               "/fabio/config",
+			TagPrefix:            "urlprefix-",
+			Register:             true,
+			ServiceAddr:          ":9998",
+			ServiceName:          "fabio",
+			ServiceTLSSkipVerify: false,
+			ServiceStatus:        []string{"passing"},
+			CheckInterval:        time.Second,
+			CheckTimeout:         3 * time.Second,
+			CheckScheme:          "http",
 		},
 		Timeout: 10 * time.Second,
 		Retry:   500 * time.Millisecond,

diff --git a/config/load.go b/config/load.go
@@ -158,6 +158,7 @@ func load(cmdline, environ, envprefix []string, props *properties.Properties) (c
 	f.BoolVar(&cfg.Registry.Consul.Register, "registry.consul.register.enabled", defaultConfig.Registry.Consul.Register, "register fabio in consul")
 	f.StringVar(&cfg.Registry.Consul.ServiceAddr, "registry.consul.register.addr", defaultConfig.Registry.Consul.ServiceAddr, "service registration address")
 	f.StringVar(&cfg.Registry.Consul.ServiceName, "registry.consul.register.name", defaultConfig.Registry.Consul.ServiceName, "service registration name")
+	f.BoolVar(&cfg.Registry.Consul.ServiceTLSSkipVerify, "registry.consul.register.tlsskipverify", defaultConfig.Registry.Consul.ServiceTLSSkipVerify, "service tls verification")
 	f.StringSliceVar(&cfg.Registry.Consul.ServiceTags, "registry.consul.register.tags", defaultConfig.Registry.Consul.ServiceTags, "service registration tags")
 	f.StringSliceVar(&cfg.Registry.Consul.ServiceStatus, "registry.consul.service.status", defaultConfig.Registry.Consul.ServiceStatus, "valid service status values")
 	f.DurationVar(&cfg.Registry.Consul.CheckInterval, "registry.consul.register.checkInterval", defaultConfig.Registry.Consul.CheckInterval, "service check interval")

diff --git a/config/load_test.go b/config/load_test.go
@@ -425,6 +425,13 @@ func TestLoad(t *testing.T) {
 				return cfg
 			},
 		},
+		{
+			args: []string{"-registry.consul.register.tlsskipverify=false"},
+			cfg: func(cfg *Config) *Config {
+				cfg.Registry.Consul.ServiceTLSSkipVerify = false
+				return cfg
+			},
+		},
 		{
 			args: []string{"-registry.consul.register.tags", "a, b, c, "},
 			cfg: func(cfg *Config) *Config {

diff --git a/registry/consul/register.go b/registry/consul/register.go
@@ -115,9 +115,10 @@ func serviceRegistration(cfg *config.Consul) (*api.AgentServiceRegistration, err
 		Port:    port,
 		Tags:    cfg.ServiceTags,
 		Check: &api.AgentServiceCheck{
-			HTTP:     checkURL,
-			Interval: cfg.CheckInterval.String(),
-			Timeout:  cfg.CheckTimeout.String(),
+			HTTP:          checkURL,
+			Interval:      cfg.CheckInterval.String(),
+			Timeout:       cfg.CheckTimeout.String(),
+			TLSSkipVerify: cfg.ServiceTLSSkipVerify,
 		},
 	}