✨ The gateway will trust self-signed CA

2025-07-20 17:06:20 +08:00
parent 608414bfda
commit b298465d70
1 changed files with 17 additions and 2 deletions
--- a/DysonNetwork.Gateway/Startup/ServiceCollectionExtensions.cs
+++ b/DysonNetwork.Gateway/Startup/ServiceCollectionExtensions.cs
@@ -1,5 +1,6 @@
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using DysonNetwork.Shared.Registry;
-using Microsoft.AspNetCore.Http.Timeouts;
 using Yarp.ReverseProxy.Configuration;

 namespace DysonNetwork.Gateway.Startup;
@@ -9,7 +10,21 @@ public static class ServiceCollectionExtensions
    public static IServiceCollection AddGateway(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddRequestTimeouts();
-        services.AddReverseProxy();
+
+        services
+            .AddReverseProxy()
+            .ConfigureHttpClient((context, handler) =>
+            {
+                var caCert = X509CertificateLoader.LoadCertificateFromFile(configuration["CaCert"]!);
+                handler.SslOptions = new SslClientAuthenticationOptions
+                {
+                    RemoteCertificateValidationCallback = (sender, cert, chain, errors) =>
+                    {
+                        return chain.ChainElements
+                            .Any(e => e.Certificate.Thumbprint == caCert.Thumbprint);
+                    }
+                };
+            });

        services.AddRegistryService(configuration);
        services.AddSingleton<IProxyConfigProvider, RegistryProxyConfigProvider>();