feat: support localhost apps running https (#8585)

coderd/wsconncache/wsconncache.go

@@ -4,6 +4,7 @@ package wsconncache
 
 import (
 	"context"
+	"crypto/tls"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -49,8 +50,9 @@ func (a *AgentProvider) ReverseProxy(targetURL *url.URL, dashboardURL *url.URL,
 		return nil, nil, xerrors.Errorf("acquire agent connection: %w", err)
 	}
 
-	proxy.Transport = conn.HTTPTransport()
+	transport := conn.HTTPTransport()
 
+	proxy.Transport = transport
 	return proxy, release, nil
 }
 
@@ -154,6 +156,18 @@ func (c *Cache) Acquire(id uuid.UUID) (*Conn, func(), error) {
 			}
 			transport := defaultTransport.Clone()
 			transport.DialContext = agentConn.DialContext
+
+			// We intentionally don't verify the certificate chain here.
+			// The connection to the workspace is already established and most
+			// apps are already going to be accessed over plain HTTP, this config
+			// simply allows apps being run over HTTPS to be accessed without error --
+			// many of which may be using self-signed certs.
+			transport.TLSClientConfig = &tls.Config{
+				MinVersion: tls.VersionTLS12,
+				//nolint:gosec
+				InsecureSkipVerify: true,
+			}
+
 			conn := &Conn{
 				WorkspaceAgentConn: agentConn,
 				timeoutCancel:      timeoutCancelFunc,