Revert ignoring ssl proxy errors, doesn't make a difference

src/backend/internal/proxy-host.js

@@ -48,11 +48,6 @@ const internalProxyHost = {
                 // At this point the domains should have been checked
                 data.owner_user_id = access.token.getUserId(1);
 
-                // Ignoring upstream ssl errors only applies when upstream scheme is https
-                if (data.forward_scheme === 'http') {
-                    data.ignore_invalid_upstream_ssl = false;
-                }
-
                 return proxyHostModel
                     .query()
                     .omit(omissions())
@@ -170,11 +165,6 @@ const internalProxyHost = {
                     domain_names: row.domain_names
                 }, data);
 
-                // Ignoring upstream ssl errors only applies when upstream scheme is https
-                if (typeof data.forward_scheme !== 'undefined' && data.forward_scheme === 'http') {
-                    data.ignore_invalid_upstream_ssl = false;
-                }
-
                 return proxyHostModel
                     .query()
                     .where({id: data.id})

src/backend/migrations/20181213013211_forward_scheme.js

@@ -17,7 +17,6 @@ exports.up = function (knex/*, Promise*/) {
 
     return knex.schema.table('proxy_host', function (proxy_host) {
         proxy_host.string('forward_scheme').notNull().defaultTo('http');
-        proxy_host.integer('ignore_invalid_upstream_ssl').notNull().unsigned().defaultTo(0);
     })
         .then(() => {
             logger.info('[' + migrate_name + '] proxy_host Table altered');

src/backend/schema/endpoints/proxy-hosts.json

@@ -52,11 +52,6 @@
       "example": true,
       "type": "boolean"
     },
-    "ignore_invalid_upstream_ssl": {
-      "description": "Ignore invalid upstream SSL certificates",
-      "example": true,
-      "type": "boolean"
-    },
     "access_list_id": {
       "$ref": "../definitions.json#/definitions/access_list_id"
     },
@@ -107,9 +102,6 @@
     "allow_websocket_upgrade": {
       "$ref": "#/definitions/allow_websocket_upgrade"
     },
-    "ignore_invalid_upstream_ssl": {
-      "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-    },
     "access_list_id": {
       "$ref": "#/definitions/access_list_id"
     },
@@ -188,9 +180,6 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
-          "ignore_invalid_upstream_ssl": {
-            "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },
@@ -252,9 +241,6 @@
           "allow_websocket_upgrade": {
             "$ref": "#/definitions/allow_websocket_upgrade"
           },
-          "ignore_invalid_upstream_ssl": {
-            "$ref": "#/definitions/ignore_invalid_upstream_ssl"
-          },
           "access_list_id": {
             "$ref": "#/definitions/access_list_id"
           },

src/backend/templates/proxy_host.conf

@@ -23,11 +23,11 @@ server {
 
 {% include "_forced_ssl.conf" %}
 
-   {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
-   proxy_set_header Upgrade $http_upgrade;
-   proxy_set_header Connection "upgrade";
-   proxy_http_version 1.1;
-   {% endif %}
+    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_http_version 1.1;
+    {% endif %}
 
     # Proxy!
     include conf.d/include/proxy.conf;