diff --git a/config/config.go b/config/config.go index addd2c489..5050239f6 100644 --- a/config/config.go +++ b/config/config.go @@ -106,17 +106,18 @@ type File struct { } type Consul struct { - Addr string - Scheme string - Token string - KVPath string - TagPrefix string - Register bool - ServiceAddr string - ServiceName string - ServiceTags []string - ServiceStatus []string - CheckInterval time.Duration - CheckTimeout time.Duration - CheckScheme string + Addr string + Scheme string + Token string + KVPath string + TagPrefix string + Register bool + ServiceAddr string + ServiceName string + ServiceTags []string + ServiceStatus []string + CheckInterval time.Duration + CheckTimeout time.Duration + CheckScheme string + CheckTLSSkipVerify bool } diff --git a/config/load.go b/config/load.go index d91b8fdb9..d1e696ce8 100644 --- a/config/load.go +++ b/config/load.go @@ -162,6 +162,7 @@ func load(cmdline, environ, envprefix []string, props *properties.Properties) (c f.StringSliceVar(&cfg.Registry.Consul.ServiceStatus, "registry.consul.service.status", defaultConfig.Registry.Consul.ServiceStatus, "valid service status values") f.DurationVar(&cfg.Registry.Consul.CheckInterval, "registry.consul.register.checkInterval", defaultConfig.Registry.Consul.CheckInterval, "service check interval") f.DurationVar(&cfg.Registry.Consul.CheckTimeout, "registry.consul.register.checkTimeout", defaultConfig.Registry.Consul.CheckTimeout, "service check timeout") + f.BoolVar(&cfg.Registry.Consul.CheckTLSSkipVerify, "registry.consul.register.checkTLSSkipVerify", defaultConfig.Registry.Consul.CheckTLSSkipVerify, "service check TLS verifcation") f.IntVar(&cfg.Runtime.GOGC, "runtime.gogc", defaultConfig.Runtime.GOGC, "sets runtime.GOGC") f.IntVar(&cfg.Runtime.GOMAXPROCS, "runtime.gomaxprocs", defaultConfig.Runtime.GOMAXPROCS, "sets runtime.GOMAXPROCS") f.StringVar(&uiListenerValue, "ui.addr", defaultValues.UIListenerValue, "Address the UI/API is listening on") diff --git a/config/load_test.go b/config/load_test.go index ed39b5b1d..af70f30d5 100644 --- a/config/load_test.go +++ b/config/load_test.go @@ -425,6 +425,13 @@ func TestLoad(t *testing.T) { return cfg }, }, + { + args: []string{"-registry.consul.register.checkTLSSkipVerify=true"}, + cfg: func(cfg *Config) *Config { + cfg.Registry.Consul.CheckTLSSkipVerify = true + return cfg + }, + }, { args: []string{"-registry.consul.register.tags", "a, b, c, "}, cfg: func(cfg *Config) *Config { diff --git a/fabio.properties b/fabio.properties index 2553b19fe..6abc7303e 100644 --- a/fabio.properties +++ b/fabio.properties @@ -593,6 +593,17 @@ # registry.consul.register.checkTimeout = 3s +# registry.consul.register.checkTLSSkipVerify configures TLS verification for the health check. +# +# Fabio registers an http health check on http(s)://${ui.addr}/health +# and this value tells consul to skip TLS certificate validation for +# https checks. +# +# The default is +# +# registry.consul.register.checkTLSSkipVerify = false + + # metrics.target configures the backend the metrics values are # sent to. # diff --git a/registry/consul/register.go b/registry/consul/register.go index d184568b2..687618eb9 100644 --- a/registry/consul/register.go +++ b/registry/consul/register.go @@ -115,9 +115,10 @@ func serviceRegistration(cfg *config.Consul) (*api.AgentServiceRegistration, err Port: port, Tags: cfg.ServiceTags, Check: &api.AgentServiceCheck{ - HTTP: checkURL, - Interval: cfg.CheckInterval.String(), - Timeout: cfg.CheckTimeout.String(), + HTTP: checkURL, + Interval: cfg.CheckInterval.String(), + Timeout: cfg.CheckTimeout.String(), + TLSSkipVerify: cfg.CheckTLSSkipVerify, }, }