feat: add TARGET_INSECURE_SKIP_VERIFY setting to allow self-signed HTTPS backends (#426)

Also discourage the use of this by putting it in a "scary" section of the configuration docs. Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-09 12:56:24 -04:00 · 2025-05-09 12:56:24 -04:00 · 624b935ecc
commit 624b935ecc
parent 529f65674e
3 changed files with 28 additions and 2 deletions
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+- Add `--target-insecure-skip-verify` flag/envvar to allow Anubis to hit a self-signed HTTPS backend.
+
 ## v1.18.0: Varis zos Galvus

 The big ticket feature in this release is [CEL expression matching support](https://anubis.techaro.lol/docs/admin/configuration/expressions). This allows you to tailor your approach for the individual services you are protecting.
--- a/docs/docs/admin/installation.mdx
+++ b/docs/docs/admin/installation.mdx
@ -73,6 +73,21 @@ Anubis uses these environment variables for configuration:
 | `USE_REMOTE_ADDRESS`           | unset                   | If set to `true`, Anubis will take the client's IP from the network socket. For production deployments, it is expected that a reverse proxy is used in front of Anubis, which pass the IP using headers, instead.                                                                                                    |
 | `WEBMASTER_EMAIL`              | unset                   | If set, shows a contact email address when rendering error pages. This email address will be how users can get in contact with administrators.                                                                                                                                                                       |

+<details>
+<summary>Advanced configuration settings</summary>
+
+:::note
+
+If you don't know or understand what these settings mean, ignore them. These are intended to work around very specific issues.
+
+:::
+
+| Environment Variable          | Default value | Explanation                                                                                                                                         |
+| :---------------------------- | :------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `TARGET_INSECURE_SKIP_VERIFY` | `false`       | If `true`, skip TLS certificate validation for targets that listen over `https`. If your backend does not listen over `https`, ignore this setting. |
+
+</details>
+
 For more detailed information on configuring Open Graph tags, please refer to the [Open Graph Configuration](./configuration/open-graph.mdx) page.

 ### Using Base Prefix