mc/mc-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Skip backend cert verification for L7 re-encrypt routes

Browse Source 
When backend_tls=true, the h2 transport was verifying the backend's
TLS certificate. This fails when the backend address is an IP (no
IP SANs) or uses a self-signed cert. Backend connections are to
trusted internal services — skip verification. Also change rift
metrics port to 9091 to avoid conflict with exod on 9090.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-25 19:41:58 -07:00
parent 279f110050
commit 357ad60e42
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/mc-proxy-rift.toml
View File

@@ -52,7 +52,7 @@ rate_window = "1m"
# Prometheus metrics — loopback only, for node-local MCP scraping.
[metrics]
addr = "127.0.0.1:9090"
addr = "127.0.0.1:9091"
path = "/metrics"
[proxy]