From 132ec556dc206c7f4453b194d58112944b5b96db Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Mon, 27 Mar 2023 13:43:38 +0300 Subject: [PATCH] Pull request 1788: 5642-fix-healthcheck-ssl Merge in DNS/adguard-home from 5642-fix-healthcheck-ssl to master Updates #5642. Updates #3290. Squashed commit of the following: commit c457ecbc08f58bb4f31bade314dd447832c5bfed Author: Eugene Burkov Date: Mon Mar 27 15:35:32 2023 +0500 docker: imp docs commit fddabb95118a85921bf4f50e9b91f4602ba02b0f Author: Eugene Burkov Date: Mon Mar 27 15:18:22 2023 +0500 docker: skip ssl check --- docker/healthcheck.sh | 8 +++++++- docker/web-bind.awk | 18 ++++-------------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh index 2ab11033e86..881bbd60d58 100755 --- a/docker/healthcheck.sh +++ b/docker/healthcheck.sh @@ -74,7 +74,13 @@ esac # Check -wget "$web_url" -O /dev/null -q || exit 1 +# Skip SSL certificate validation since there is no guarantee the container +# trusts the one used. It should be safe to drop the SSL validation since the +# current script intended to be used from inside the container and only checks +# the endpoint availability, ignoring the content of the response. +# +# See https://github.com/AdguardTeam/AdGuardHome/issues/5642. +wget --no-check-certificate "$web_url" -O /dev/null -q || exit 1 echo "$dns_hosts" | while read -r host do diff --git a/docker/web-bind.awk b/docker/web-bind.awk index d9d198dd3e8..d2c3b3231a2 100644 --- a/docker/web-bind.awk +++ b/docker/web-bind.awk @@ -1,23 +1,13 @@ -BEGIN { scheme = "http" } - +# Don't consider the HTTPS hostname since the enforced HTTPS redirection should +# work if the SSL check skipped. See file docker/healthcheck.sh. /^bind_host:/ { host = $2 } /^bind_port:/ { port = $2 } -/force_https: true$/ { scheme = "https" } - -/port_https:/ { https_port = $2 } - -/server_name:/ { https_host = $2 } - END { - if (scheme == "https") { - host = https_host - port = https_port - } if (match(host, ":")) { - print scheme "://[" host "]:" port + print "http://[" host "]:" port } else { - print scheme "://" host ":" port + print "http://" host ":" port } } \ No newline at end of file