From 59851d6fdccb24b3b2c9f6c3b027fa8a5048d632 Mon Sep 17 00:00:00 2001 From: Julio Camarero Date: Fri, 6 Dec 2024 16:05:20 +0100 Subject: [PATCH] Use new proxyssl.Config field in nginx template --- rootfs/etc/nginx/template/nginx.tmpl | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 6b8e750b0..002044e52 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -912,9 +912,14 @@ stream { {{ end }} {{ end }} - {{ if not (empty $server.ProxySSL.CAFileName) }} + {{ if or (not (empty $server.ProxySSL.ProxySSLCA.CAFileName)) (not (empty $server.ProxySSL.CAFileName)) }} + {{ if not (empty $server.ProxySSL.ProxySSLCA.CAFileName) }} + # PEM sha: {{ $server.ProxySSL.ProxySSLCA.CASHA }} + proxy_ssl_trusted_certificate {{ $server.ProxySSL.ProxySSLCA.CAFileName }}; + {{ else if not (empty $server.ProxySSL.CAFileName) }} # PEM sha: {{ $server.ProxySSL.CASHA }} proxy_ssl_trusted_certificate {{ $server.ProxySSL.CAFileName }}; + {{ end }} proxy_ssl_ciphers {{ $server.ProxySSL.Ciphers }}; proxy_ssl_protocols {{ $server.ProxySSL.Protocols }}; proxy_ssl_verify {{ $server.ProxySSL.Verify }}; @@ -925,7 +930,10 @@ stream { {{ end }} {{ end }} - {{ if not (empty $server.ProxySSL.PemFileName) }} + {{ if not (empty $server.ProxySSL.ProxySSLClientCert.PemFileName) }} + proxy_ssl_certificate {{ $server.ProxySSL.ProxySSLClientCert.PemFileName }}; + proxy_ssl_certificate_key {{ $server.ProxySSL.ProxySSLClientCert.PemFileName }}; + {{ else if not (empty $server.ProxySSL.PemFileName) }} proxy_ssl_certificate {{ $server.ProxySSL.PemFileName }}; proxy_ssl_certificate_key {{ $server.ProxySSL.PemFileName }}; {{ end }} @@ -1386,9 +1394,14 @@ stream { # Location denied. Reason: {{ $location.Denied | quote }} return 503; {{ end }} - {{ if not (empty $location.ProxySSL.CAFileName) }} + {{ if or (not (empty $location.ProxySSL.ProxySSLCA.CAFileName)) (not (empty $location.ProxySSL.CAFileName)) }} + {{ if not (empty $location.ProxySSL.ProxySSLCA.CAFileName) }} + # PEM sha: {{ $location.ProxySSL.ProxySSLCA.CASHA }} + proxy_ssl_trusted_certificate {{ $location.ProxySSL.ProxySSLCA.CAFileName }}; + {{ else if not (empty $location.ProxySSL.CAFileName) }} # PEM sha: {{ $location.ProxySSL.CASHA }} proxy_ssl_trusted_certificate {{ $location.ProxySSL.CAFileName }}; + {{ end }} proxy_ssl_ciphers {{ $location.ProxySSL.Ciphers }}; proxy_ssl_protocols {{ $location.ProxySSL.Protocols }}; proxy_ssl_verify {{ $location.ProxySSL.Verify }}; @@ -1402,7 +1415,10 @@ stream { proxy_ssl_server_name {{ $location.ProxySSL.ProxySSLServerName }}; {{ end }} - {{ if not (empty $location.ProxySSL.PemFileName) }} + {{ if not (empty $location.ProxySSL.ProxySSLClientCert.PemFileName) }} + proxy_ssl_certificate {{ $location.ProxySSL.ProxySSLClientCert.PemFileName }}; + proxy_ssl_certificate_key {{ $location.ProxySSL.ProxySSLClientCert.PemFileName }}; + {{ else if not (empty $location.ProxySSL.PemFileName) }} proxy_ssl_certificate {{ $location.ProxySSL.PemFileName }}; proxy_ssl_certificate_key {{ $location.ProxySSL.PemFileName }}; {{ end }}