feat: add SSL verification option to website proxy configuration

Author: HynoR

agent/app/dto/request/website.go

@@ -269,6 +269,7 @@ type WebsiteProxyConfig struct {
 	Replaces        map[string]string `json:"replaces"`
 	SNI             bool              `json:"sni"`
 	ProxySSLName    string            `json:"proxySSLName"`
+	SSLVerify       bool              `json:"sslVerify"`
 	CorsConfig
 }
 

agent/app/service/website_proxy.go

@@ -115,6 +115,11 @@ func (w WebsiteService) OperateProxy(req request.WebsiteProxyConfig) (err error)
 		return
 	}
 	applyLocationProxyPass(location, req.ProxyPass, &req.SNI, req.ProxySSLName)
+	if isHTTPSProxyPass(req.ProxyPass) && req.SSLVerify {
+		location.UpdateDirective("proxy_ssl_verify", []string{"on"})
+	} else {
+		location.RemoveDirective("proxy_ssl_verify", []string{})
+	}
 	location.UpdateDirective("proxy_set_header", []string{"Host", req.ProxyHost})
 	location.ChangePath(req.Modifier, req.Match)
 	// Server Cache Settings
@@ -329,6 +334,9 @@ func (w WebsiteService) GetProxies(id uint) (res []request.WebsiteProxyConfig, e
 			if directive.GetName() == "proxy_ssl_name" && len(directive.GetParameters()) > 0 {
 				proxyConfig.ProxySSLName = directive.GetParameters()[0]
 			}
+			if directive.GetName() == "proxy_ssl_verify" {
+				proxyConfig.SSLVerify = len(directive.GetParameters()) > 0 && directive.GetParameters()[0] == "on"
+			}
 		}
 		proxyConfig.Cors = location.Cors
 		proxyConfig.AllowCredentials = location.AllowCredentials

frontend/src/api/interface/website.ts

@@ -439,6 +439,7 @@ export namespace Website {
         proxyProtocol?: string;
         sni?: boolean;
         proxySSLName: string;
+        sslVerify?: boolean;
         cors: boolean;
         allowOrigins: string;
         allowMethods: string;

frontend/src/lang/modules/en.ts

@@ -2759,6 +2759,8 @@ const message = {
         sni: 'Origin SNI',
         sniHelper:
             "When the reverse proxy backend is HTTPS, you might need to set the origin SNI. See the CDN service provider's documentation for details.",
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: 'Huawei Cloud',
         createDb: 'Create Database',
         enableSSLHelper: 'Failure to enable will not affect the creation of the website',

frontend/src/lang/modules/es-es.ts

@@ -2794,6 +2794,8 @@ const message = {
         sni: 'SNI de origen',
         sniHelper:
             'Cuando el backend proxy es HTTPS, puede ser necesario configurar el SNI. Consulta la doc del proveedor CDN.',
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: 'Huawei Cloud',
         createDb: 'Crear base de datos',
         enableSSLHelper: 'Si falla, no afectará la creación del sitio',

frontend/src/lang/modules/ja.ts

@@ -2781,6 +2781,8 @@ const message = {
         sni: '起源は悲しい',
         sniHelper:
             '逆プロキシバックエンドがHTTPSの場合、Origin SNIを設定する必要がある場合があります。詳細については、CDNサービスプロバイダーのドキュメントを参照してください。',
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: 'huaweiCloud',
         createDb: 'データベースを作成',
         enableSSLHelper: 'SSLの有効化に失敗しても、ウェブサイトの作成には影響しません。',

frontend/src/lang/modules/ko.ts

@@ -2715,6 +2715,8 @@ const message = {
         sni: '원본 SNI',
         sniHelper:
             '역방향 프록시 백엔드가 HTTPS 인 경우 원본 SNI 를 설정해야 할 수 있습니다. 자세한 내용은 CDN 서비스 제공자의 문서를 참조하세요.',
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: '화웨이 클라우드',
         createDb: '데이터베이스 생성',
         enableSSLHelper: 'SSL 활성화 실패는 웹사이트 생성에 영향을 미치지 않습니다.',

frontend/src/lang/modules/ms.ts

@@ -2811,6 +2811,8 @@ const message = {
         sni: 'Sumber SNI',
         sniHelper:
             'Apabila backend proksi terbalik adalah HTTPS, anda mungkin perlu menetapkan sumber SNI. Sila rujuk dokumentasi penyedia perkhidmatan CDN untuk butiran.',
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: 'Huawei Cloud',
         createDb: 'Cipta Pangkalan Data',
         enableSSLHelper: 'Kegagalan mengaktifkan SSL tidak akan menjejaskan penciptaan laman web.',

frontend/src/lang/modules/pt-br.ts

@@ -2951,6 +2951,8 @@ const message = {
         sni: 'SNI de origem',
         sniHelper:
             'Quando o proxy reverso de backend for HTTPS, você pode precisar configurar o SNI de origem. Consulte a documentação do provedor de serviços CDN para mais detalhes.',
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: 'Huawei Cloud',
         createDb: 'Criar Banco de Dados',
         enableSSLHelper: 'A falha ao ativar o SSL não afetará a criação do site.',

frontend/src/lang/modules/ru.ts

@@ -2811,6 +2811,8 @@ const message = {
         sni: 'Origin SNI',
         sniHelper:
             'Когда бэкенд обратного прокси использует HTTPS, может потребоваться установить origin SNI. Подробности см. в документации провайдера CDN.',
+        proxySslVerify: 'Verify Backend SSL Certificate',
+        proxySslVerifyHelper: 'When enabled, the proxy will strictly verify the upstream SSL certificate (disabled by default).',
         huaweicloud: 'Huawei Cloud',
         rcreateDb: 'Создать Базу Данных',
         enableSSLHelper: 'Неудача при включении SSL не повлияет на создание сайта.',