Feature Request: Indexable sslVerifyNone query parameter #443

Closed
shazChaudhry opened this issue Mar 2, 2018 · 4 comments

shazChaudhry commented Mar 2, 2018

I would like to make a feature request for an indexable sslVerifyNone query parameter please.

My scenario is a single service providing multiple destinations such as:

1. http://PROXY:80/ --> http://WSO2:8280/
2. https://PROXY:443/ --> https://WSO2:8243/
3. https://PROXY:443/carbon --> https://WSO2:9443/carbon

As can be seen from the mapping above, some of the backend service destinations are SSL enabled, which unfortunately I cannot change. So, for the backend service destinations to be reached, the following strategy had to be adopted:

  1. Used ssl termination at proxy (followed Adding Certificates As Docker Secrets / Configuring SSL Certificates tutorial)
  2. Set "sslVerifyNone = true"

Backend service configuration

```yaml
version: "3.5"

services:

  # ...

  WSO2:
    image: localhost:5000/wso2-integrator:6.1.1
    # ...
    networks:
      - proxy
    deploy:
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.sslVerifyNone=true   # see below for the result when this parameter was set to false

        - com.df.servicePath.1=/
        - com.df.port.1=8280
        - com.df.srcPort.1=80

        - com.df.servicePath.2=/
        - com.df.port.2=8243
        - com.df.srcPort.2=443

        - com.df.servicePath.3=/carbon
        - com.df.port.3=9443
        - com.df.srcPort.3=443

# ...

networks:
  proxy:
```

Describe the results you received:

  1. When "sslVerifyNone = true"
    1st service destination mentioned above was not reachable
    2nd and 3rd destinations were reachable and ssl enabled backend services worked just fine

  2. When "sslVerifyNone = false"
    1st service destination mentioned above was reachable
    2nd and 3rd destinations were not reachable

Describe the results you expected:
All three service destinations are expected to be reachable

Additional information you deem important:
Please follow these steps which I had to perform manually to achieve the expected result:

  1. Publish port 8080 on the proxy service and re-run the app stack (docker stack deploy ....)
  2. Exec into the proxy container
  3. Edit haproxy configuration (/cfg/haproxy.cfg) to remove ssl verify none text from the backend service for http:8280 (1st service destination)
    • This feature request is asking for the query parameter to be indexed such as com.df.sslVerifyNone.1=false so that ssl verify none text does not appear in the haproxy backend configuration
  4. Reload haproxy configurations in the docker flow proxy: curl -i "[PROXY_IP]:8080/v1/docker-flow-proxy/reload?recreate=false&fromListener=true"
  5. Browse and confirm that all three service destinations (both http and https) are reachable

Please give us a shout if further info is required. I will really be grateful if this feature request could be implemented.
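
An added example, not part of the original issue or the project's code: a small Python check that lists which backends in an haproxy.cfg carry `ssl verify none` on their server lines, so you can confirm certificate verification is disabled only for the destinations where that was intended. The sample configuration, backend names and server names are constructed for illustration.

```python
# Constructed sample resembling a generated haproxy.cfg after the manual edit
# described above; backend names, server names and addresses are made up.
SAMPLE_CFG = """\
frontend services
    bind *:80
    bind *:443 ssl crt /certs/
    mode http

backend wso2-be8280_1
    mode http
    server wso2 wso2:8280   # plain HTTP destination, no ssl keyword

backend wso2-be8243_2
    mode http
    server wso2 wso2:8243 ssl verify none

backend wso2-be9443_3
    mode http
    server wso2 wso2:9443 ssl verify none
"""

SECTIONS = ("global", "defaults", "frontend", "listen", "backend")

def audit_backends(cfg_text):
    """Return {backend: [(server, address, verify_mode), ...]} for TLS servers."""
    findings, backend = {}, None
    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            is_be = tokens[0] in ("backend", "listen") and len(tokens) > 1
            backend = tokens[1] if is_be else None
            continue
        if backend and tokens[0] == "server" and len(tokens) >= 3:
            opts = tokens[3:]
            if "ssl" not in opts:
                continue                        # cleartext server line
            verify = "unspecified"
            if "verify" in opts and opts.index("verify") + 1 < len(opts):
                verify = opts[opts.index("verify") + 1]
            findings.setdefault(backend, []).append((tokens[1], tokens[2], verify))
    return findings

def unverified(cfg_text):
    """Names of backends with at least one server using 'verify none'."""
    return sorted(name for name, servers in audit_backends(cfg_text).items()
                  if any(mode == "none" for _, _, mode in servers))

if __name__ == "__main__":
    print(unverified(SAMPLE_CFG))
```

Run against the real /cfg/haproxy.cfg by passing its contents to `unverified()`; any backend in the output accepts whatever certificate the destination presents.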

vfarcic (Owner) commented Mar 2, 2018

I can work on this next Monday or Tuesday. Please let me know if that's OK or you need it more urgently.

shazChaudhry (Author) commented

Thank you very much for considering this feature request. It really will be very helpful.

Next week is fine. It is not urgent.

vfarcic closed this as completed in 0ee0a76 Mar 4, 2018

vfarcic (Owner) commented Mar 4, 2018

It's available in the release 18.03.04-114.

Please try it out @shazChaudhry and let me know if it works as expected.

shazChaudhry (Author) commented

Thank you very much. I really appreciate it.

All three of my endpoints are now reachable :)
