fix: handle 401 and 403 by external auth (#9131)

2022-10-13 00:41:04 +02:00 · 2022-10-13 00:41:04 +02:00 · 6aac00648b
commit 6aac00648b
parent c9faac2222
1 changed files with 2 additions and 2 deletions
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -957,7 +957,7 @@ stream {
        set $proxy_upstream_name "-";

        {{ if not ( empty $server.CertificateAuth.MatchCN ) }}
-        {{ if gt (len $server.CertificateAuth.MatchCN) 0 }}  
+        {{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
        if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
            return 403 "client certificate unauthorized";
        }
@ -1288,7 +1288,7 @@ stream {
                    {{- end }}
                    return
                end
-                if res.status == ngx.HTTP_FORBIDDEN then
+                if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then
                    ngx.exit(res.status)
                end
                ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)