Add documentation for how to use Client-Side Certificate Authentication

2018-11-14 11:32:54 +01:00 · 2018-11-14 11:32:54 +01:00 · 14142ad84c
commit 14142ad84c
parent 6b6466cdbe
1 changed files with 33 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -312,6 +312,22 @@ $ docker run -d -p 80:80 -p 443:443 \

 You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html)

+### Client-Side Certificate Authentication
+#### Certificate Authority (CA)
+In order to secure your virtual host, you have to copy your CA certificate file (ca.crt) named as its equivalent VIRTUAL_HOST variable on directory
+/etc/nginx/ca/$VIRTUAL_HOST.crt
+
+#### Certificate Revocation List (CLR)
+In oder to use a certificate revocation list, you have to copy your .clr file named as its equivalent VIRTUAL_HOST variable on the same directory /etc/nginx/ca/$VIRTUAL_HOST.clr
+
+```
+$ docker run -d -p 80:80 -p 443:443 \
+    -v /path/to/ca:/etc/nginx/ca \
+    -v /path/to/certs:/etc/nginx/certs \
+    -v /var/run/docker.sock:/tmp/docker.sock:ro \
+    jwilder/nginx-proxy
+```
+
 ### Custom Nginx Configuration

 If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis.