Backend: support skip_verify option #382

Merged
1 change: 1 addition & 0 deletions docs/containerd-env-setup.md
Expand Up @@ -30,6 +30,7 @@ $ sudo cat > /etc/nydusd-config.json << EOF
"type": "registry",
"config": {
"scheme": "http",
"skip_verify": false,
"timeout": 5,
"connect_timeout": 5,
"retry_limit": 2,
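
Review bot: In this sample `"skip_verify": false` sits directly under `"scheme": "http"`, where no certificate validation happens at all, so the added line has no effect here and a reader copying the heredoc cannot tell what it is for. The heredoc is plain JSON with no room for a comment, so either drop the line from the setup guide (the `Default` impl in `storage/src/backend/mod.rs` already yields `false`) or add a sentence next to the sample saying the option only matters with `"scheme": "https"` and should stay `false` outside test setups that use self-signed certificates.
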
5 changes: 5 additions & 0 deletions docs/nydusd.md
Expand Up @@ -179,8 +179,13 @@ We are working on enabling cloud-hypervisor support for nydus.
"type": "registry",
"config": {
...
// Registry url scheme, https or http
"scheme": "http",
// Registry hostname with format `$host:$port`
"host": "my-registry:5000",
// Skip SSL certificate validation for HTTPS scheme
"skip_verify": false,
// Use format `$namespace/$repo` (no image tag)
"repo": "test/repo",
// Username and password for auth
// base64(username:password), optional
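
Review bot: The new comment on `"skip_verify"` ("Skip SSL certificate validation for HTTPS scheme") names the mechanism but not the consequence: with the value set to `true` nydusd no longer authenticates the registry it talks to, and the `auth` credentials documented two lines further down are then sent to whatever endpoint answers. Suggest extending the comment to state that the default is `false`, that `true` is meant only for test registries with self-signed certificates, and that the option has no effect with `"scheme": "http"` as used in this sample. "TLS" would also be more accurate than "SSL".
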
4 changes: 4 additions & 0 deletions storage/src/backend/connection.rs
Expand Up @@ -277,6 +277,10 @@ impl Connection {
.connect_timeout(connect_timeout)
.redirect(Policy::none());

if config.skip_verify {
cb = cb.danger_accept_invalid_certs(true);
}

if !proxy.is_empty() {
cb = cb.proxy(reqwest::Proxy::all(proxy).map_err(|e| einval!(e))?)
}
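
Review bot: The `if config.skip_verify` branch turns validation off silently, so nothing in the daemon's output shows that it is running with `danger_accept_invalid_certs(true)`. Suggest logging a warning inside that branch when the client is built, so a non-default, insecure setting is visible to operators and to anyone reviewing logs after an incident. Also note that the flag is set on the same builder `cb` that receives the proxy just below, so it applies to every HTTPS connection this client makes, not only direct registry requests; the doc comment on the field should say so.
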
11 changes: 11 additions & 0 deletions storage/src/backend/mod.rs
Expand Up @@ -55,9 +55,13 @@ pub type BackendResult<T> = std::result::Result<T, BackendError>;
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(default)]
pub struct ProxyConfig {
/// Access remote storage backend via P2P proxy, e.g. Dragonfly dfdaemon server URL.
url: String,
/// Endpoint of P2P proxy health checking.
ping_url: String,
/// Fallback to remote storage backend if P2P proxy ping failed.
fallback: bool,
/// Interval of P2P proxy health checking, in seconds.
check_interval: u64,
}

Expand All @@ -76,16 +80,23 @@ impl Default for ProxyConfig {
#[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(default)]
pub struct CommonConfig {
/// Enable HTTP proxy for the read request.
proxy: ProxyConfig,
/// Skip SSL certificate validation for HTTPS scheme.
skip_verify: bool,
/// Drop the read request once http request timeout, in seconds.
timeout: u64,
/// Drop the read request once http connection timeout, in seconds.
connect_timeout: u64,
/// Retry count when read request failed.
retry_limit: u8,
}

impl Default for CommonConfig {
fn default() -> Self {
Self {
proxy: ProxyConfig::default(),
skip_verify: false,
timeout: 5,
connect_timeout: 5,
retry_limit: 0,
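
Review bot: Nothing in this change tests that `skip_verify` fails closed: the struct is `#[serde(default)]` and `Default` sets `skip_verify: false`, which is the right behaviour, but a later edit to either could flip it without notice. Suggest a unit test that deserializes a `CommonConfig` from JSON without the field and asserts the value is `false`. The doc comment `/// Skip SSL certificate validation for HTTPS scheme.` could also state that enabling it removes server authentication, since a rustdoc reader will not see the `danger_` prefix used in `connection.rs`.
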