Add option to disable TLS validation for NATS

This commit is contained in:
Till Faelligen 2022-08-02 12:28:05 +02:00
parent 5aa1d7827c
commit 374840fba3
No known key found for this signature in database
GPG key ID: 3DF82D8AB9211D4E
4 changed files with 21 additions and 1 deletions


@ -113,6 +113,11 @@ global:
addresses: addresses:
# - localhost:4222 # - localhost:4222
# Disable the validation of TLS certificates of NATS. This is
# not recommended in production since it may allow NATS traffic
# to be sent to an insecure endpoint.
disable_tls_validation: false
# Persistent directory to store JetStream streams in. This directory should be # Persistent directory to store JetStream streams in. This directory should be
# preserved across Dendrite restarts. # preserved across Dendrite restarts.
storage_path: ./ storage_path: ./
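Review bot: The risk stated in the comment above `disable_tls_validation` understates what the option does: with certificate verification off the client accepts any certificate presented to it, so it cannot tell the configured NATS server apart from anything else answering on that address, and that party can read and alter the traffic. Suggest rewording the comment, e.g. `# Disable the validation of TLS certificates of NATS. Not recommended in` / `# production: the client will then accept any certificate and cannot verify` / `# that it is talking to the intended NATS server.`. The same comment is added in the second sample config hunk and should be updated there as well.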


@ -103,6 +103,11 @@ global:
addresses: addresses:
- hostname:4222 - hostname:4222
# Disable the validation of TLS certificates of NATS. This is
# not recommended in production since it may allow NATS traffic
# to be sent to an insecure endpoint.
disable_tls_validation: false
# The prefix to use for stream names for this homeserver - really only useful # The prefix to use for stream names for this homeserver - really only useful
# if you are running more than one Dendrite server on the same NATS deployment. # if you are running more than one Dendrite server on the same NATS deployment.
topic_prefix: Dendrite topic_prefix: Dendrite


@ -19,6 +19,8 @@ type JetStream struct {
InMemory bool `yaml:"in_memory"` InMemory bool `yaml:"in_memory"`
// Disable logging. This is mostly useful for unit tests. // Disable logging. This is mostly useful for unit tests.
NoLog bool `yaml:"-"` NoLog bool `yaml:"-"`
// Disables TLS validation. This should NOT be used in production
DisableTLSValidation bool `yaml:"disable_tls_validation"`
} }
func (c *JetStream) Prefixed(name string) string { func (c *JetStream) Prefixed(name string) string {
@ -35,6 +37,7 @@ func (c *JetStream) Defaults(generate bool) {
if generate { if generate {
c.StoragePath = Path("./") c.StoragePath = Path("./")
c.NoLog = true c.NoLog = true
c.DisableTLSValidation = true
} }
} }
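Review bot: `c.DisableTLSValidation = true` in the `generate` branch of `Defaults` turns certificate validation off for every config produced through that path, while the sample configs ship `disable_tls_validation: false`. If that branch also serves config generation rather than only unit tests (the neighbouring `c.NoLog = true` suggests tests, but the hunk does not show the callers), the secure setting should remain the zero value and the tests that need the relaxed one should set it explicitly, i.e. drop the added line. The field comment would also help more by saying why: `// Disables TLS certificate validation; the client then accepts any certificate, so only use this against a trusted local NATS.`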


@ -1,6 +1,7 @@
package jetstream package jetstream
import ( import (
"crypto/tls"
"fmt" "fmt"
"reflect" "reflect"
"strings" "strings"
@ -76,7 +77,13 @@ func (s *NATSInstance) Prepare(process *process.ProcessContext, cfg *config.JetS
func setupNATS(process *process.ProcessContext, cfg *config.JetStream, nc *natsclient.Conn) (natsclient.JetStreamContext, *natsclient.Conn) { func setupNATS(process *process.ProcessContext, cfg *config.JetStream, nc *natsclient.Conn) (natsclient.JetStreamContext, *natsclient.Conn) {
if nc == nil { if nc == nil {
var err error var err error
nc, err = natsclient.Connect(strings.Join(cfg.Addresses, ",")) opts := []nats.Option{}
if cfg.DisableTLSValidation {
opts = append(opts, nats.Secure(&tls.Config{
InsecureSkipVerify: true,
}))
}
nc, err = natsclient.Connect(strings.Join(cfg.Addresses, ","), opts...)
if err != nil { if err != nil {
logrus.WithError(err).Panic("Unable to connect to NATS") logrus.WithError(err).Panic("Unable to connect to NATS")
return nil, nil return nil, nil
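Review bot: When `cfg.DisableTLSValidation` is set, the new `nats.Secure(&tls.Config{InsecureSkipVerify: true})` option makes the connection accept any server certificate, and nothing in the hunk surfaces that at runtime, so an operator cannot tell from the logs that validation is off. Suggest recording it inside the `if`, e.g. `logrus.Warn("NATS TLS certificate validation is disabled (disable_tls_validation)")`. The added lines also refer to `nats.Option` and `nats.Secure` while the existing call is `natsclient.Connect`; if both names refer to the same package, one alias should be used throughout, and `opts := []nats.Option{}` reads more idiomatically as `var opts []nats.Option`. setupNATS continues past the end of the hunk.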