internal: reuse http transport to prevent leaking connections (#3996)

* Fix: Using the same http transport as the api

* fix: Using global tlsTransport instead of newly created one
This commit is contained in:
Daniel 2022-11-25 18:24:01 +01:00 committed by GitHub
parent f8ef2b666f
commit be9790ef8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -16,6 +16,7 @@ import (
)
var initialSetup = false
var tlsTransport *http.RoundTripper = nil
func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
l := log.WithField("logger", "authentik.outpost")
@ -70,15 +71,19 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
// GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
func GetTLSTransport() http.RoundTripper {
if tlsTransport != nil {
return *tlsTransport
}
value, set := os.LookupEnv("AUTHENTIK_INSECURE")
if !set {
value = "false"
}
tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
InsecureSkipVerify: strings.ToLower(value) == "true",
})
if err != nil {
panic(err)
}
return tlsTransport
tlsTransport = &tmp
return *tlsTransport
}