diff --git a/backend/src/bin/daemon.rs b/backend/src/bin/daemon.rs
index 3dd4fa07..0e87ee0c 100644
--- a/backend/src/bin/daemon.rs
+++ b/backend/src/bin/daemon.rs
@@ -68,6 +68,10 @@ struct Cli {
 /// Docker socket proxy
 #[arg(long)]
 docker_proxy: Option,
+
+ /// Allow self-signed certificates
+ #[arg(long)]
+ allow_self_signed_certs: Option,
 }
 
 impl From for CliArgs {
@@ -84,6 +88,7 @@ impl From for CliArgs {
 concurrent_scans: cli.concurrent_scans,
 daemon_api_key: cli.daemon_api_key,
 docker_proxy: cli.docker_proxy,
+ allow_self_signed_certs: cli.allow_self_signed_certs,
 }
 }
 }
diff --git a/backend/src/daemon/runtime/service.rs b/backend/src/daemon/runtime/service.rs
index f8c288eb..4a37cf74 100644
--- a/backend/src/daemon/runtime/service.rs
+++ b/backend/src/daemon/runtime/service.rs
@@ -21,9 +21,19 @@ pub struct DaemonRuntimeService {
 
 impl DaemonRuntimeService {
 pub fn new(config_store: Arc) -> Self {
+ let mut client_builder = reqwest::Client::builder();
+
+ if config_store
+ .get_allow_self_signed_certs()
+ .unwrap_or(Some(false))
+ .unwrap_or(false)
+ {
+ client_builder = client_builder.danger_accept_invalid_certs(true);
+ }
+
 Self {
 config_store,
- client: reqwest::Client::new(),
+ client: client_builder.build().unwrap(),
 utils: create_system_utils(),
 }
 }
diff --git a/backend/src/daemon/shared/storage.rs b/backend/src/daemon/shared/storage.rs
index 58667acd..ac9b010b 100644
--- a/backend/src/daemon/shared/storage.rs
+++ b/backend/src/daemon/shared/storage.rs
@@ -24,6 +24,7 @@ pub struct CliArgs {
 pub concurrent_scans: Option,
 pub daemon_api_key: Option,
 pub docker_proxy: Option,
+ pub allow_self_signed_certs: Option,
 }
 
 /// Unified configuration struct that handles both startup and runtime config
@@ -48,6 +49,7 @@ pub struct AppConfig {
 pub host_id: Option,
 pub daemon_api_key: Option,
 pub docker_proxy: Option,
+ pub allow_self_signed_certs: Option,
 }
 
 impl Default for AppConfig {
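Review bot: The help text `/// Allow self-signed certificates` on the new `allow_self_signed_certs` field understates what the option does: in `DaemonRuntimeService::new` (service.rs in this same commit) it is wired to `danger_accept_invalid_certs(true)`, which turns off certificate validation entirely rather than only admitting self-signed chains. I would reword the doc comment so `--help` states the real trade-off, for example `/// Disable TLS certificate verification for outbound requests (accepts ANY certificate, not only self-signed)`. The `Cli` struct begins above this hunk, so how the other options are documented is not visible here.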
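Review bot: `client_builder.danger_accept_invalid_certs(true)` in `new` disables certificate validation altogether, so with the option set this client accepts any certificate, including expired ones and ones issued for a different host. Every request the daemon makes is then open to interception, presumably including requests that carry `daemon_api_key`. For a server that presents a self-signed certificate, the narrower fix is to trust that one certificate: load it with `reqwest::Certificate::from_pem` and hand it to `client_builder.add_root_certificate(cert)`, driven by a certificate-path option instead of a boolean. If the boolean stays, emit a startup warning through the daemon's logger whenever it is enabled. Also replace the bare `.unwrap()` on `build()` with an `expect` that names the failure, e.g. `.expect("failed to build HTTP client")`.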
@@ -67,6 +69,7 @@ impl Default for AppConfig {
 daemon_api_key: None,
 concurrent_scans: 15,
 docker_proxy: None,
+ allow_self_signed_certs: None,
 }
 }
 }
@@ -127,6 +130,9 @@ impl AppConfig {
 if let Some(docker_proxy) = cli_args.docker_proxy {
 figment = figment.merge(("docker_proxy", docker_proxy));
 }
+ if let Some(allow_self_signed_certs) = cli_args.allow_self_signed_certs {
+ figment = figment.merge(("allow_self_signed_certs", allow_self_signed_certs));
+ }
 
 let config: AppConfig = figment
 .extract()
@@ -282,6 +288,11 @@ impl ConfigStore {
 Ok(config.docker_proxy.clone())
 }
 
+ pub fn get_allow_self_signed_certs(&self) -> Result> {
+ let config = self.config.try_read()?;
+ Ok(config.allow_self_signed_certs)
+ }
+
 pub async fn get_heartbeat_interval(&self) -> Result {
 let config = self.config.read().await;
 Ok(config.heartbeat_interval)
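Review bot: `get_allow_self_signed_certs` reads the config with `self.config.try_read()?`, unlike the neighbouring `get_heartbeat_interval`, which awaits `read()`, so it returns an error instead of waiting whenever the lock cannot be taken immediately (presumably while a writer holds it). The only caller visible in this commit, `DaemonRuntimeService::new`, folds that error into `false` with `.unwrap_or(Some(false))`, so a configured value can be ignored with no trace. Falling back to verification-on is the safe direction, but the contract should be written down on the getter, e.g. `/// Non-blocking read for synchronous callers; returns Err if the config lock cannot be acquired immediately.` The caller should log the error rather than discard it. The `impl ConfigStore` block starts and ends outside this hunk.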