diff --git a/agent/app/dto/request/website.go b/agent/app/dto/request/website.go
index 2e133643dae8..ec3c5b10b778 100644
--- a/agent/app/dto/request/website.go
+++ b/agent/app/dto/request/website.go
@@ -269,6 +269,7 @@ type WebsiteProxyConfig struct {
 Replaces map[string]string `json:"replaces"`
 SNI bool `json:"sni"`
 ProxySSLName string `json:"proxySSLName"`
+ SSLVerify bool `json:"sslVerify"`
 CorsConfig
 }
diff --git a/agent/app/service/website_proxy.go b/agent/app/service/website_proxy.go
index 5732687a92d1..3dc629cb2d2f 100644
--- a/agent/app/service/website_proxy.go
+++ b/agent/app/service/website_proxy.go
@@ -115,6 +115,11 @@ func (w WebsiteService) OperateProxy(req request.WebsiteProxyConfig) (err error)
 return
 }
 applyLocationProxyPass(location, req.ProxyPass, &req.SNI, req.ProxySSLName)
+ if isHTTPSProxyPass(req.ProxyPass) && req.SSLVerify {
+ location.UpdateDirective("proxy_ssl_verify", []string{"on"})
+ } else {
+ location.RemoveDirective("proxy_ssl_verify", []string{})
+ }
 location.UpdateDirective("proxy_set_header", []string{"Host", req.ProxyHost})
 location.ChangePath(req.Modifier, req.Match)
 // Server Cache Settings
@@ -329,6 +334,9 @@ func (w WebsiteService) GetProxies(id uint) (res []request.WebsiteProxyConfig, e
 if directive.GetName() == "proxy_ssl_name" && len(directive.GetParameters()) > 0 {
 proxyConfig.ProxySSLName = directive.GetParameters()[0]
 }
+ if directive.GetName() == "proxy_ssl_verify" {
+ proxyConfig.SSLVerify = len(directive.GetParameters()) > 0 && directive.GetParameters()[0] == "on"
+ }
 }
 proxyConfig.Cors = location.Cors
 proxyConfig.AllowCredentials = location.AllowCredentials
diff --git a/frontend/src/api/interface/website.ts b/frontend/src/api/interface/website.ts
index 718dd90b9a45..3ee30ffebb89 100644
--- a/frontend/src/api/interface/website.ts
+++ b/frontend/src/api/interface/website.ts
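Review bot: In the OperateProxy hunk, `proxy_ssl_verify on` is written without a trust anchor. nginx checks the upstream chain against the file named by `proxy_ssl_trusted_certificate` and does not fall back to the system CA store, so unless applyLocationProxyPass (not visible here) or a shared include already sets it, turning the option on will likely make every upstream handshake fail instead of authenticating the backend. I would set it in the same branch, e.g. `location.UpdateDirective("proxy_ssl_trusted_certificate", []string{caBundlePath})`, where `caBundlePath` is a placeholder for the host's CA bundle, and remove it in the `else` branch next to `proxy_ssl_verify`. The certificate name is matched against `proxy_ssl_name`, which defaults to the proxy_pass host when `req.ProxySSLName` is empty, so a comment such as `// verification uses proxy_ssl_name; empty ProxySSLName falls back to the proxy_pass host` above the `if` would help. The function body continues outside the hunk.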
@@ -439,6 +439,7 @@ export namespace Website {
 proxyProtocol?: string;
 sni?: boolean;
 proxySSLName: string;
+ sslVerify?: boolean;
 cors: boolean;
 allowOrigins: string;
 allowMethods: string;
diff --git a/frontend/src/lang/modules/en.ts b/frontend/src/lang/modules/en.ts
index 54f9e4ec60f2..97a5fd5e27ea 100644
--- a/frontend/src/lang/modules/en.ts
+++ b/frontend/src/lang/modules/en.ts
@@ -2759,6 +2759,8 @@ const message = {
 sni: 'Origin SNI',
 sniHelper:
 "When the reverse proxy backend is HTTPS, you might need to set the origin SNI. See the CDN service provider's documentation for details.",
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: 'Huawei Cloud',
 createDb: 'Create Database',
 enableSSLHelper: 'Failure to enable will not affect the creation of the website',
diff --git a/frontend/src/lang/modules/es-es.ts b/frontend/src/lang/modules/es-es.ts
index 1ceacd09d508..32776bbc6cb7 100644
--- a/frontend/src/lang/modules/es-es.ts
+++ b/frontend/src/lang/modules/es-es.ts
@@ -2794,6 +2794,8 @@ const message = {
 sni: 'SNI de origen',
 sniHelper:
 'Cuando el backend proxy es HTTPS, puede ser necesario configurar el SNI. Consulta la doc del proveedor CDN.',
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: 'Huawei Cloud',
 createDb: 'Crear base de datos',
 enableSSLHelper: 'Si falla, no afectará la creación del sitio',
diff --git a/frontend/src/lang/modules/ja.ts b/frontend/src/lang/modules/ja.ts
index aafabd7bcd8f..013c8c2a75b1 100644
--- a/frontend/src/lang/modules/ja.ts
+++ b/frontend/src/lang/modules/ja.ts
@@ -2781,6 +2781,8 @@ const message = {
 sni: '起源は悲しい',
 sniHelper:
 '逆プロキシバックエンドがHTTPSの場合、Origin SNIを設定する必要がある場合があります。詳細については、CDNサービスプロバイダーのドキュメントを参照してください。',
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: 'huaweiCloud',
 createDb: 'データベースを作成',
 enableSSLHelper: 'SSLの有効化に失敗しても、ウェブサイトの作成には影響しません。',
diff --git a/frontend/src/lang/modules/ko.ts b/frontend/src/lang/modules/ko.ts
index 82563c34ff9e..26f1dcc8bee9 100644
--- a/frontend/src/lang/modules/ko.ts
+++ b/frontend/src/lang/modules/ko.ts
@@ -2715,6 +2715,8 @@ const message = {
 sni: '원본 SNI',
 sniHelper:
 '역방향 프록시 백엔드가 HTTPS 인 경우 원본 SNI 를 설정해야 할 수 있습니다. 자세한 내용은 CDN 서비스 제공자의 문서를 참조하세요.',
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: '화웨이 클라우드',
 createDb: '데이터베이스 생성',
 enableSSLHelper: 'SSL 활성화 실패는 웹사이트 생성에 영향을 미치지 않습니다.',
diff --git a/frontend/src/lang/modules/ms.ts b/frontend/src/lang/modules/ms.ts
index ab4b0221e3b8..cf6836249079 100644
--- a/frontend/src/lang/modules/ms.ts
+++ b/frontend/src/lang/modules/ms.ts
@@ -2811,6 +2811,8 @@ const message = {
 sni: 'Sumber SNI',
 sniHelper:
 'Apabila backend proksi terbalik adalah HTTPS, anda mungkin perlu menetapkan sumber SNI. Sila rujuk dokumentasi penyedia perkhidmatan CDN untuk butiran.',
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: 'Huawei Cloud',
 createDb: 'Cipta Pangkalan Data',
 enableSSLHelper: 'Kegagalan mengaktifkan SSL tidak akan menjejaskan penciptaan laman web.',
diff --git a/frontend/src/lang/modules/pt-br.ts b/frontend/src/lang/modules/pt-br.ts
index 1107e20b0ec8..76b646879ecd 100644
--- a/frontend/src/lang/modules/pt-br.ts
+++ b/frontend/src/lang/modules/pt-br.ts
@@ -2951,6 +2951,8 @@ const message = {
 sni: 'SNI de origem',
 sniHelper:
 'Quando o proxy reverso de backend for HTTPS, você pode precisar configurar o SNI de origem. Consulte a documentação do provedor de serviços CDN para mais detalhes.',
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: 'Huawei Cloud',
 createDb: 'Criar Banco de Dados',
 enableSSLHelper: 'A falha ao ativar o SSL não afetará a criação do site.',
diff --git a/frontend/src/lang/modules/ru.ts b/frontend/src/lang/modules/ru.ts
index 2d855f66c5f1..ba24499e2751 100644
--- a/frontend/src/lang/modules/ru.ts
+++ b/frontend/src/lang/modules/ru.ts
@@ -2811,6 +2811,8 @@ const message = {
 sni: 'Origin SNI',
 sniHelper:
 'Когда бэкенд обратного прокси использует HTTPS, может потребоваться установить origin SNI. Подробности см. в документации провайдера CDN.',
+ proxySslVerify: 'Verify Backend SSL Certificate',
+ proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
 huaweicloud: 'Huawei Cloud',
 rcreateDb: 'Создать Базу Данных',
 enableSSLHelper: 'Неудача при включении SSL не повлияет на создание сайта.',
diff --git a/frontend/src/lang/modules/tr.ts b/frontend/src/lang/modules/tr.ts
index 557e3a5fc671..2fe22f4b48ab 100644
--- a/frontend/src/lang/modules/tr.ts
+++ b/frontend/src/lang/modules/tr.ts
@@ -2809,6 +2809,8 @@ const message = { sni: 'Kaynak SNI', sniHelper: 'Ters vekil arka ucu HTTPS olduğunda, kaynak SNI’yi ayarlamanız gerekebilir. Ayrıntılar için CDN hizmet sağlayıcısının belgelerine bakın.', + proxySslVerify: 'Verify Backend SSL Certificate', + proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).', huaweicloud: 'Huawei Cloud', createDb: 'Veritabanı Oluştur', enableSSLHelper: 'Etkinleştirme başarısızlığı web sitesinin oluşturulmasını etkilemez', diff --git a/frontend/src/lang/modules/zh-Hant.ts b/frontend/src/lang/modules/zh-Hant.ts index b170beb22e06..b6e1f41a3da6 100644 --- a/frontend/src/lang/modules/zh-Hant.ts +++ b/frontend/src/lang/modules/zh-Hant.ts @@ -2559,6 +2559,8 @@ const message = { website404Helper: '網站 404 錯誤頁僅支援 PHP 執行環境網站和靜態網站', sni: '回源 SNI', sniHelper: '反代後端為 https 的時候可能需要設定回源 SNI,詳細需要看 CDN 服務商檔案', + proxySslVerify: '校驗後端 SSL 憑證', + proxySslVerifyHelper: '開啟後,反向代理 HTTPS 後端時將嚴格校驗伺服器憑證(預設不校驗)', huaweicloud: '華為雲', createDb: '建立資料庫', enableSSLHelper: '開啟失敗不會影響網站建立', diff --git a/frontend/src/lang/modules/zh.ts b/frontend/src/lang/modules/zh.ts index c2483571a8ef..2e5441a4c7ed 100644 --- a/frontend/src/lang/modules/zh.ts +++ b/frontend/src/lang/modules/zh.ts @@ -2560,6 +2560,8 @@ const message = { website404Helper: '网站 404 错误页仅支持 PHP 运行环境网站和静态网站', sni: '回源 SNI', sniHelper: '反代后端为 https 的时候可能需要设置回源 SNI,具体需要看 CDN 服务商文档', + proxySslVerify: '校验后端 SSL 证书', + proxySslVerifyHelper: '开启后,反向代理 HTTPS 后端时将严格校验服务器证书(默认不校验)', huaweicloud: '华为云', createDb: '创建数据库', enableSSLHelper: '开启失败不会影响网站创建', diff --git a/frontend/src/views/website/website/config/basic/proxy/create/index.vue b/frontend/src/views/website/website/config/basic/proxy/create/index.vue index bd7d817537b1..bcdfd5cd78b3 100644 --- a/frontend/src/views/website/website/config/basic/proxy/create/index.vue +++ b/frontend/src/views/website/website/config/basic/proxy/create/index.vue @@ -68,6 +68,14 @@ > + +
+
+ {{ $t('website.proxySslVerify') }} + {{ $t('website.proxySslVerifyHelper') }} +
+ +
@@ -279,6 +287,7 @@ const initData = (): Website.ProxyConfig => ({
 proxyProtocol: 'http://',
 sni: false,
 proxySSLName: '',
+ sslVerify: false,
 serverCacheTime: 10,
 serverCacheUnit: 'm',
 browserCache: 'noModify',