Pull request 1788: 5642-fix-healthcheck-ssl

Merge in DNS/adguard-home from 5642-fix-healthcheck-ssl to master Updates #5642. Updates #3290. Squashed commit of the following: commit c457ecbc08f58bb4f31bade314dd447832c5bfed Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 27 15:35:32 2023 +0500 docker: imp docs commit fddabb95118a85921bf4f50e9b91f4602ba02b0f Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 27 15:18:22 2023 +0500 docker: skip ssl check
2024-11-21 20:45:33 +03:00 · 2023-03-27 13:43:38 +03:00 · 2023-03-27 13:43:38 +03:00 · 132ec556dc
commit 132ec556dc
parent d58772f177
2 changed files with 11 additions and 15 deletions
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@ -74,7 +74,13 @@ esac

 # Check

-wget "$web_url" -O /dev/null -q || exit 1
+# Skip SSL certificate validation since there is no guarantee the container
+# trusts the one used.  It should be safe to drop the SSL validation since the
+# current script intended to be used from inside the container and only checks
+# the endpoint availability, ignoring the content of the response.
+#
+# See https://github.com/AdguardTeam/AdGuardHome/issues/5642.
+wget --no-check-certificate "$web_url" -O /dev/null -q || exit 1

 echo "$dns_hosts" | while read -r host
 do
--- a/docker/web-bind.awk
+++ b/docker/web-bind.awk
@ -1,23 +1,13 @@
-BEGIN { scheme = "http" }
-
+# Don't consider the HTTPS hostname since the enforced HTTPS redirection should
+# work if the SSL check skipped.  See file docker/healthcheck.sh.
 /^bind_host:/ { host = $2 }

 /^bind_port:/ { port = $2 }

-/force_https: true$/ { scheme = "https" }
-
-/port_https:/ { https_port = $2 }
-
-/server_name:/ { https_host = $2 }
-
 END {
-    if (scheme == "https") {
-        host = https_host
-        port = https_port
-    }
    if (match(host, ":")) {
-        print scheme "://[" host "]:" port
+        print "http://[" host "]:" port
     } else {
-        print scheme "://" host ":" port
+        print "http://" host ":" port
    }
 }