Adds the option to skip TLS verification for a Gotify instance (#544)

5 years ago · dccdf708a9
parent 10fd81a2c1
commit dccdf708a9
4 changed files with 33 additions and 12 deletions
--- a/docs/notifications.md
+++ b/docs/notifications.md
@ -170,6 +170,8 @@ docker run -d \
  containrrr/watchtower
 ```

+If you want to disable TLS verification for the Gotify instance, you can use either `-e WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true` or `--notification-gotify-tls-skip-verify`. 
+
 ### [containrrr/shoutrrr](https://github.com/containrrr/shoutrrr)

 To send notifications via shoutrrr, the following command-line options, or their corresponding environment variables, can be set:
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@ -183,10 +183,8 @@ func RegisterNotificationFlags(rootCmd *cobra.Command) {
 		"notification-email-server-tls-skip-verify",
 		"",
 		viper.GetBool("WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY"),
-		`
-Controls whether watchtower verifies the SMTP server's certificate chain and host name.
-Should only be used for testing.
-`)
+		`Controls whether watchtower verifies the SMTP server's certificate chain and host name.
+Should only be used for testing.`)

 	flags.StringP(
 		"notification-email-server-user",
@ -253,12 +251,20 @@ Should only be used for testing.
 		"",
 		viper.GetString("WATCHTOWER_NOTIFICATION_GOTIFY_URL"),
 		"The Gotify URL to send notifications to")
+
 	flags.StringP(
 		"notification-gotify-token",
 		"",
 		viper.GetString("WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN"),
 		"The Gotify Application required to query the Gotify API")

+	flags.BoolP(
+		"notification-gotify-tls-skip-verify",
+		"",
+		viper.GetBool("WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY"),
+		`Controls whether watchtower verifies the Gotify server's certificate chain and host name.
+Should only be used for testing.`)
+
 	flags.StringP(
 		"notification-template",
 		"",
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -18,7 +18,7 @@ func init() {
 	lock <- true
 }

-// SetupHTTPUpdates configures the endopint needed for triggering updates via http
+// SetupHTTPUpdates configures the endpoint needed for triggering updates via http
 func SetupHTTPUpdates(apiToken string, updateFunction func()) error {
 	if apiToken == "" {
 		return errors.New("api token is empty or has not been set. not starting api")
--- a/pkg/notifications/gotify.go
+++ b/pkg/notifications/gotify.go
@ -2,6 +2,7 @@ package notifications

 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net/http"
@ -19,6 +20,7 @@ const (
 type gotifyTypeNotifier struct {
 	gotifyURL                string
 	gotifyAppToken           string
+	gotifyInsecureSkipVerify bool
 	logLevels                []log.Level
 }

@ -39,9 +41,12 @@ func newGotifyNotifier(c *cobra.Command, acceptedLogLevels []log.Level) t.Notifi
 		log.Fatal("Required argument --notification-gotify-token(cli) or WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN(env) is empty.")
 	}

+	gotifyInsecureSkipVerify, _ := flags.GetBool("notification-gotify-tls-skip-verify")
+
 	n := &gotifyTypeNotifier{
 		gotifyURL:                gotifyURL,
 		gotifyAppToken:           gotifyToken,
+		gotifyInsecureSkipVerify: gotifyInsecureSkipVerify,
 		logLevels:                acceptedLogLevels,
 	}

@ -79,8 +84,16 @@ func (n *gotifyTypeNotifier) Fire(entry *log.Entry) error {
 			return
 		}

+		// Explicitly define the client so we can set InsecureSkipVerify to the desired value.
+		client := &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: n.gotifyInsecureSkipVerify,
+				},
+			},
+		}
 		jsonBodyBuffer := bytes.NewBuffer([]byte(jsonBody))
-		resp, err := http.Post(n.getURL(), "application/json", jsonBodyBuffer)
+		resp, err := client.Post(n.getURL(), "application/json", jsonBodyBuffer)
 		if err != nil {
 			fmt.Println("Failed to send Gotify notification: ", err)
 			return