Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Adds ability to add client auth to SSL proxy.

Browse source
This commit is contained in:
William Dix 2014-12-14 21:24:22 -05:00
parent 56b4a2e182
commit 6889132dfc
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
nginx.tmpl
View file

@ -71,6 +71,9 @@ upstream {{ $host }} {
{{/* Get the first cert name defined by containers w/ the same vhost */}} {{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }} {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
{{/* Get the first SSL_VERIFY_CLIENT defined by containers w/ the same vhost */}}
{{ $sslVerifyClient := (first (groupByKeys $containers "Env.SSL_VERIFY_CLIENT")) }}
{{/* Get the best matching cert by name for the vhost. */}} {{/* Get the best matching cert by name for the vhost. */}}
{{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}} {{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}}
@ -102,10 +105,18 @@ server {
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }}; ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }}; ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
{{ if $sslVerifyClient }}
ssl_verify_client {{ (printf "%s" $sslVerifyClient) }};
ssl_client_certificate /etc/nginx/certs/{{ (printf "%s.cacert.pem" $cert) }};
{{ end }}
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
location / { location / {
proxy_pass http://{{ $host }}; {{ if $sslVerifyClient }}
proxy_set_header Subject-Name $ssl_client_s_dn;
{{ end }
proxy_pass http://{{ $host }};
} }
} }
{{ else }} {{ else }}