add Transport override option for active health checks

modules/caddyhttp/reverseproxy/healthchecks.go

@@ -65,7 +65,7 @@
 	// upstream host, the passive health check state will be reset because
 	// it will be garbage-collected. It is usually better for the dynamic
 	// upstream module to only return healthy, available backends instead.
 	Passive *PassiveHealthChecks `json:"passive,omitempty"`
 }
 
 // ActiveHealthChecks holds configuration related to active
@@ -90,6 +90,11 @@
 	// this value is ignored.
 	Port int `json:"port,omitempty"`
 
+
+	// Configures the method of transport for the active health checker. 
+	// The default transport is the handler's transport
+	TransportRaw json.RawMessage `json:"transport,omitempty" caddy:"namespace=http.reverse_proxy.transport inline_key=protocol"`
+
 	// HTTP headers to set on health check requests.
 	Headers http.Header `json:"headers,omitempty"`
 
@@ -128,6 +133,7 @@
 	// body of a healthy backend.
 	ExpectBody string `json:"expect_body,omitempty"`
 
+	transport http.RoundTripper `json:"-"``
 	uri        *url.URL
 	httpClient *http.Client
 	bodyRegexp *regexp.Regexp
@@ -174,10 +180,21 @@
 		}
 		a.uri = parsedURI
 	}
+
+	// Use handler's transport if no active one set
+	if a.TransportRaw != nil {
+		mod, err := ctx.LoadModule(a, "TransportRaw")
+		if err != nil {
+			return fmt.Errorf("loading transport: %v", err)
+		}
+		a.transport = mod.(http.RoundTripper)
+	} else {
+		a.transport = h.Transport
+	}
 
 	a.httpClient = &http.Client{
 		Timeout:   timeout,
-		Transport: h.Transport,
+		Transport: a.transport,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			if !a.FollowRedirects {
 				return http.ErrUseLastResponse
@@ -252,7 +269,7 @@
 
 	// Count the request as failed if the response takes at least this
 	// long to receive.
 	UnhealthyLatency caddy.Duration `json:"unhealthy_latency,omitempty"`
 
 	logger *zap.Logger
 }
@@ -405,12 +422,17 @@
 		u.Host = net.JoinHostPort(host, port)
 	}
 
-	// this is kind of a hacky way to know if we should use HTTPS, but whatever
-	if tt, ok := h.Transport.(TLSTransport); ok && tt.TLSEnabled() {
+	// this is kind of a hacky way to know if we should use HTTPS
+	transport := h.HealthChecks.Active.transport
+	if transport == nil {
+		transport = h.Transport
+	}
+
+	if tt, ok := transport.(TLSTransport); ok && tt.TLSEnabled() {
 		u.Scheme = "https"
 
 		// if the port is in the except list, flip back to HTTP
-		if ht, ok := h.Transport.(*HTTPTransport); ok && slices.Contains(ht.TLS.ExceptPorts, port) {
+		if ht, ok := transport.(*HTTPTransport); ok && slices.Contains(ht.TLS.ExceptPorts, port) {
 			u.Scheme = "http"
 		}
 	}
@@ -637,4 +659,4 @@
 			}
 		}
 	}(upstream.Host, failDuration)
 }