From dccdf708a9dda00f1932d4138ca759a0c4db50af Mon Sep 17 00:00:00 2001
From: Sebastiaan Tammer
Date: Fri, 22 May 2020 16:02:20 +0200
Subject: [PATCH] Adds the option to skip TLS verification for a Gotify instance (#544)
---
 docs/notifications.md | 2 ++
 internal/flags/flags.go | 14 ++++++++++----
 pkg/api/api.go | 2 +-
 pkg/notifications/gotify.go | 27 ++++++++++++++++++++-------
 4 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/docs/notifications.md b/docs/notifications.md
index de3c505..005193c 100644
--- a/docs/notifications.md
+++ b/docs/notifications.md
@@ -170,6 +170,8 @@ docker run -d \
 containrrr/watchtower
 ```
+If you want to disable TLS verification for the Gotify instance, you can use either `-e WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true` or `--notification-gotify-tls-skip-verify`.
+
 ### [containrrr/shoutrrr](https://github.com/containrrr/shoutrrr)
 To send notifications via shoutrrr, the following command-line options, or their corresponding environment variables, can be set:
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index 9554a3c..ee1d8e3 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -183,10 +183,8 @@ func RegisterNotificationFlags(rootCmd *cobra.Command) {
 "notification-email-server-tls-skip-verify",
 "",
 viper.GetBool("WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY"),
- `
-Controls whether watchtower verifies the SMTP server's certificate chain and host name.
-Should only be used for testing.
-`)
+ `Controls whether watchtower verifies the SMTP server's certificate chain and host name.
+Should only be used for testing.`)
 flags.StringP(
 "notification-email-server-user",
@@ -253,12 +251,20 @@ Should only be used for testing.
 "",
 viper.GetString("WATCHTOWER_NOTIFICATION_GOTIFY_URL"),
 "The Gotify URL to send notifications to")
+
 flags.StringP(
 "notification-gotify-token",
 "",
 viper.GetString("WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN"),
 "The Gotify Application required to query the Gotify API")
+ flags.BoolP(
+ "notification-gotify-tls-skip-verify",
+ "",
+ viper.GetBool("WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY"),
+ `Controls whether watchtower verifies the Gotify server's certificate chain and host name.
+Should only be used for testing.`)
+
 flags.StringP(
 "notification-template",
 "",
diff --git a/pkg/api/api.go b/pkg/api/api.go
index a34b61c..12d12c3 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -18,7 +18,7 @@ func init() {
 lock <- true
 }
-// SetupHTTPUpdates configures the endopint needed for triggering updates via http
+// SetupHTTPUpdates configures the endpoint needed for triggering updates via http
 func SetupHTTPUpdates(apiToken string, updateFunction func()) error {
 if apiToken == "" {
 return errors.New("api token is empty or has not been set. not starting api")
diff --git a/pkg/notifications/gotify.go b/pkg/notifications/gotify.go
index 3a4a539..a065ac0 100644
--- a/pkg/notifications/gotify.go
+++ b/pkg/notifications/gotify.go
@@ -2,6 +2,7 @@ package notifications
 import (
 "bytes"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "net/http"
@@ -17,9 +18,10 @@ const (
 )
 type gotifyTypeNotifier struct {
- gotifyURL string
- gotifyAppToken string
- logLevels []log.Level
+ gotifyURL string
+ gotifyAppToken string
+ gotifyInsecureSkipVerify bool
+ logLevels []log.Level
 }
 func newGotifyNotifier(c *cobra.Command, acceptedLogLevels []log.Level) t.Notifier {
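Review bot: In internal/flags/flags.go, the help text added for `notification-gotify-tls-skip-verify` says the flag "Controls whether watchtower verifies" the certificate, which does not tell an operator that setting it to true turns verification off. The flag disables both the chain and the host-name check, so the text should state the polarity and the consequence, e.g. `Disables verification of the Gotify server's certificate chain and host name; the connection is then open to interception.` followed by the existing `Should only be used for testing.` The SMTP flag's help string in the first flags.go hunk has the same ambiguous wording. RegisterNotificationFlags starts and ends outside the hunk.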
@@ -39,10 +41,13 @@ func newGotifyNotifier(c *cobra.Command, acceptedLogLevels []log.Level) t.Notifi
 log.Fatal("Required argument --notification-gotify-token(cli) or WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN(env) is empty.")
 }
+ gotifyInsecureSkipVerify, _ := flags.GetBool("notification-gotify-tls-skip-verify")
+
 n := &gotifyTypeNotifier{
- gotifyURL: gotifyURL,
- gotifyAppToken: gotifyToken,
- logLevels: acceptedLogLevels,
+ gotifyURL: gotifyURL,
+ gotifyAppToken: gotifyToken,
+ gotifyInsecureSkipVerify: gotifyInsecureSkipVerify,
+ logLevels: acceptedLogLevels,
 }
 log.AddHook(n)
@@ -79,8 +84,16 @@ func (n *gotifyTypeNotifier) Fire(entry *log.Entry) error {
 return
 }
+ // Explicitly define the client so we can set InsecureSkipVerify to the desired value.
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: n.gotifyInsecureSkipVerify,
+ },
+ },
+ }
 jsonBodyBuffer := bytes.NewBuffer([]byte(jsonBody))
- resp, err := http.Post(n.getURL(), "application/json", jsonBodyBuffer)
+ resp, err := client.Post(n.getURL(), "application/json", jsonBodyBuffer)
 if err != nil {
 fmt.Println("Failed to send Gotify notification: ", err)
 return
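Review bot: In newGotifyNotifier, nothing is logged when `notification-gotify-tls-skip-verify` is set, so a deployment running with certificate verification switched off leaves no trace in the startup log. Add a warning next to the flag lookup, before `log.AddHook(n)`, e.g. `if gotifyInsecureSkipVerify { log.Warn("TLS certificate verification is disabled for Gotify notifications") }`. The error from `flags.GetBool` is also discarded with `_`; a failed lookup appears to leave the value at false, which is the safe default, but a one-line comment saying so would make the intent explicit. The function starts and ends outside the hunk.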
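Review bot: In Fire, the new `client` wraps a bare `&http.Transport{}`, which drops the `http.DefaultTransport` settings that the replaced `http.Post` call relied on (proxy from the environment, dial and TLS-handshake timeouts), and a fresh transport is allocated on every call, so connections are never reused. Clone the default transport instead, `tr := http.DefaultTransport.(*http.Transport).Clone()` followed by `tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: n.gotifyInsecureSkipVerify}`, and build the client once in newGotifyNotifier rather than per notification. Setting `Timeout` on the client would also stop a stalled Gotify server from blocking the send indefinitely. Fire's body starts and ends outside the hunk.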