internal: trace headers and url for backend requests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/web/proxy.go

@@ -18,6 +18,7 @@ func (ws *WebServer) configureProxy() {
 	director := func(req *http.Request) {
 		req.URL.Scheme = u.Scheme
 		req.URL.Host = u.Host
+		req.Host = u.Host
 		if _, ok := req.Header["User-Agent"]; !ok {
 			// explicitly disable User-Agent so it's not set to default value
 			req.Header.Set("User-Agent", "")
@@ -25,6 +26,7 @@ func (ws *WebServer) configureProxy() {
 		if req.TLS != nil {
 			req.Header.Set("X-Forwarded-Proto", "https")
 		}
+		ws.log.WithField("url", req.URL.String()).WithField("headers", req.Header).Trace("tracing request to backend")
 	}
 	rp := &httputil.ReverseProxy{Director: director}
 	rp.ErrorHandler = ws.proxyErrorHandler
@@ -66,7 +68,7 @@ func (ws *WebServer) configureProxy() {
 }
 
 func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request, err error) {
-	ws.log.Warning(err.Error())
+	ws.log.WithError(err).Warning("failed to proxy to backend")
 	rw.WriteHeader(http.StatusBadGateway)
 	em := fmt.Sprintf("failed to connect to authentik backend: %v", err)
 	if !ws.p.IsRunning() {

internal/web/tls.go

@@ -16,6 +16,9 @@ func (ws *WebServer) GetCertificate() func(ch *tls.ClientHelloInfo) (*tls.Certif
 		ws.log.WithError(err).Error("failed to generate default cert")
 	}
 	return func(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
+		if ch.ServerName == "" {
+			return &cert, nil
+		}
 		if ws.ProxyServer != nil {
 			appCert := ws.ProxyServer.GetCertificate(ch.ServerName)
 			if appCert != nil {