From 8696017da70297d8fa92615468cbeeb93e127519 Mon Sep 17 00:00:00 2001 From: Ludovic LEROUX Date: Tue, 21 Sep 2021 10:20:53 -0400 Subject: [PATCH] Fix TLS config --- helpers.go | 16 ++++++---------- jsonconf.go | 10 ++++++++++ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/helpers.go b/helpers.go index 2f49997..c1214a5 100644 --- a/helpers.go +++ b/helpers.go @@ -57,6 +57,11 @@ func parseConsulService(entries []*api.ServiceEntry) (upstreams []*reverseproxy. for _, entry := range entries { + // We add the instance as an upstream + upstreams = append(upstreams, &reverseproxy.Upstream{ + Dial: fmt.Sprintf("%s:%d", entry.Service.Address, entry.Service.Port), + }) + // We check the options on that instance for i := 0; i < t.NumField(); i++ { @@ -87,22 +92,13 @@ func parseConsulService(entries []*api.ServiceEntry) (upstreams []*reverseproxy. } fieldValue.SetInt(val) } + } } } - scheme := "http" - if options.UpstreamScheme != "" { - scheme = options.UpstreamScheme - } - - // We add the instance as an upstream - upstreams = append(upstreams, &reverseproxy.Upstream{ - Dial: fmt.Sprintf("%s://%s:%d", scheme, entry.Service.Address, entry.Service.Port), - }) - } return diff --git a/jsonconf.go b/jsonconf.go index 77b7e81..cce6c2f 100644 --- a/jsonconf.go +++ b/jsonconf.go @@ -124,6 +124,16 @@ func (cc *App) generateHTTPAndTLSAppConfFromConsulServices(conf *caddy.Config) ( }, } + // If Upstream is HTTPS, then we use HTTPTransport and add the TLS tag (insecure) + if options.UpstreamScheme == "https" { + transport := reverseproxy.HTTPTransport{ + TLS: &reverseproxy.TLSConfig{ + InsecureSkipVerify: true, + }, + } + reverseProxyHandler.TransportRaw = caddyconfig.JSON(transport, nil) + } + // Do we propagate upstream headers? if options.UpstreamHeaders { reverseProxyHandler.Headers.Response.Add = http.Header{
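Review bot: The `Dial` value in the added `upstreams = append(...)` is built with `fmt.Sprintf("%s:%d", ...)`, which yields an ambiguous host:port when `entry.Service.Address` is an IPv6 literal, because the brackets are missing. Prefer `Dial: net.JoinHostPort(entry.Service.Address, strconv.Itoa(entry.Service.Port)),`. Consul also allows a service to register with an empty address and inherit the node's, so a fallback to `entry.Node.Address` may be needed unless that is handled somewhere the hunk does not show. The loop body of parseConsulService continues outside this hunk.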
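Review bot: `InsecureSkipVerify: true` is applied to every upstream whose scheme is `https`, so the hop is encrypted but the backend is never authenticated, and anything on the path between the proxy and the upstream can impersonate it. Skipping verification should be an explicit per-service opt-in that defaults to off, e.g. `InsecureSkipVerify: options.UpstreamInsecureSkipVerify, // placeholder option name; default false`. The default path should verify against a trusted CA through the other `reverseproxy.TLSConfig` fields. Because the upstream is dialed by address, `ServerName` presumably has to be set for verification to succeed. The check `options.UpstreamScheme == "https"` is also an exact match, so a value such as `HTTPS` silently falls back to plaintext; `strings.EqualFold(options.UpstreamScheme, "https")` avoids that. The enclosing function starts and ends outside this hunk.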