From 11cd02cb546c26257ca8621709a6bff5e69d7f00 Mon Sep 17 00:00:00 2001
From: patrickdk
Date: Wed, 2 Jun 2021 12:05:15 -0400
Subject: [PATCH] Pulled client certificate veriification.

---
 README.md | 7 -------
 nginx.tmpl | 12 ------------
 2 files changed, 19 deletions(-)

diff --git a/README.md b/README.md
index 9dca7af..249d16a 100644
--- a/README.md
+++ b/README.md
@@ -357,13 +357,6 @@ $ docker run -d -p 80:80 -p 443:443 \
 You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html)
-### Client Certificates Support
-
-Client certificates can be supported by defining the following environment variables: `CLIENT_CA` to be set to the certificate to validate the clients against `VERIFY_CLIENT` can be set to `on` to verify clients, `off` to ignore the client certificates, or `optional` the default to request but not verify `VERIFY_DEPTH` to the depth to verify the client certificate
-
 ### Custom Nginx Configuration
 If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis.
diff --git a/nginx.tmpl b/nginx.tmpl
index 95fcf7a..6ff688f 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -288,12 +288,6 @@ upstream {{ $upstream_name }} {
 {{ if $is_https }}
-{{ $clientCA := trim (or (first (groupByKeys $containers "Env.CLIENT_CA")) (printf "%s.client" $vhostCert)) }}
-{{ $verifyClient := trim (or (first (groupByKeys $containers "Env.VERIFY_CLIENT")) "optional") }}
-{{ $verifyDepth := trim (or (first (groupByKeys $containers "Env.VERIFY_DEPTH")) "2") }}
-
-{{ $is_client_verify := (and (ne $clientCA "") (ne $verifyClient "") (ne $verifyDepth "") (exists (printf "/etc/nginx/certs/%s.pem" $clientCA))) }}
-
 {{ if eq $https_method "redirect" }}
 server {
 server_name {{ $host }};
@@ -368,12 +362,6 @@ server {
 add_header Strict-Transport-Security "{{ trim $hsts }}" always;
 {{ end }}
- {{ if $is_client_verify }}
- ssl_client_certificate {{ printf "/etc/nginx/certs/%s.pem" $clientCA }};
- ssl_verify_client {{ (printf "%s" $verifyClient) }};
- ssl_verify_depth {{ (printf "%s" $verifyDepth) }};
- {{ end }}
-
 {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
 include {{ printf "/etc/nginx/vhost.d/%s" $host }};
 {{ else if (exists "/etc/nginx/vhost.d/default") }}
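Review bot: Dropping the `ssl_verify_client` / `ssl_client_certificate` block silently removes client-certificate enforcement for every vhost, so a deployment that set `VERIFY_CLIENT=on` and relied on it as its authentication layer now terminates TLS for any client, with no error at config-generation time; the `server {` block this sits in starts and ends outside the hunk. Because the `Env.CLIENT_CA` / `Env.VERIFY_CLIENT` / `Env.VERIFY_DEPTH` lookups are also removed in the preceding hunk of this file, a container that still carries those variables is ignored rather than rejected, which is the hardest kind of regression to notice. Consider having the template leave a visible marker in the generated config when the variable is still present, e.g. `{{ if (first (groupByKeys $containers "Env.VERIFY_CLIENT")) }}` / `# VERIFY_CLIENT is set but client certificate verification is no longer supported` / `{{ end }}`, and stating in the commit message that this is a breaking change for mTLS users.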