internal: reuse http transport to prevent leaking connections (#3996)

* Fix: Using the same http transport as the api * fix: Using global tlsTransport instead of newly created one
2022-11-25 18:24:01 +01:00 · 2022-11-25 18:24:01 +01:00 · be9790ef8a
parent f8ef2b666f
commit be9790ef8a
1 changed files with 7 additions and 2 deletions
--- a/internal/outpost/ak/global.go
+++ b/internal/outpost/ak/global.go
@ -16,6 +16,7 @@ import (
 )

 var initialSetup = false
+var tlsTransport *http.RoundTripper = nil

 func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 	l := log.WithField("logger", "authentik.outpost")
@ -70,15 +71,19 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {

 // GetTLSTransport Get a TLS transport instance, that skips verification if configured via environment variables.
 func GetTLSTransport() http.RoundTripper {
+	if tlsTransport != nil {
+		return *tlsTransport
+	}
 	value, set := os.LookupEnv("AUTHENTIK_INSECURE")
 	if !set {
 		value = "false"
 	}
-	tlsTransport, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
+	tmp, err := httptransport.TLSTransport(httptransport.TLSClientOptions{
 		InsecureSkipVerify: strings.ToLower(value) == "true",
 	})
 	if err != nil {
 		panic(err)
 	}
-	return tlsTransport
+	tlsTransport = &tmp
+	return *tlsTransport
 }