Add support for client certificates

patrickdk 2021-05-30 17:05:42 -04:00
parent 89ddc16d0c
commit 3aa2f531d9


@ -276,6 +276,12 @@ upstream {{ $upstream_name }} {
{{ if $is_https }}
{{ $clientCA := trim (or (first (groupByKeys $containers "Env.CLIENT_CA")) (printf "%s.client" $vhostCert)) }}
{{ $verifyClient := trim (or (first (groupByKeys $containers "Env.VERIFY_CLIENT")) "optional") }}
{{ $verifyDepth := trim (or (first (groupByKeys $containers "Env.VERIFY_DEPTH")) "2") }}
{{ $is_client_verify := (and (ne $clientCA "") (ne $verifyClient "") (ne $verifyDepth "") (exists (printf "/etc/nginx/certs/%s.pem" $clientCA))) }}
{{ if eq $https_method "redirect" }}
server {
server_name {{ $host }};
@ -343,6 +349,12 @@ server {
add_header Strict-Transport-Security "{{ trim $hsts }}" always;
{{ end }}
{{ if $is_client_verify }}
ssl_client_certificate {{ printf "/etc/nginx/certs/%s.pem" $clientCA }};
ssl_verify_client {{ (printf "%s" $verifyClient) }};
ssl_verify_depth {{ (printf "%s" $verifyDepth) }};
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
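Review bot: The fallback of `optional` for `$verifyClient` in the first hunk means that once a matching client CA `.pem` exists, nginx asks for a client certificate but still serves requests that present none, so the `ssl_verify_client` line emitted in the second hunk enforces nothing by itself. Nothing visible in these hunks checks `$ssl_client_verify` or forwards it to the upstream, so unless that happens elsewhere in the template, an operator who drops in a CA file gets a fail-open setup. Consider defaulting to enforcement, `{{ $verifyClient := trim (or (first (groupByKeys $containers "Env.VERIFY_CLIENT")) "on") }}`, and leaving `optional` as an explicit opt-in. `VERIFY_CLIENT` and `VERIFY_DEPTH` are also written into the config unvalidated, so a typo or stray text ends up in the generated file; restricting the first to `on`/`off`/`optional`/`optional_no_ca` and the second to digits, plus a short template comment documenting the three variables, would help. The `server` block these directives land in starts and ends outside the hunk.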