DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Undo #11062 since it breaks the nginx config (#11082)

Browse source 
* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled

* revert mTLS location excluding acme-challenge since each location will match ultimately resulting in 404 for all request paths
This commit is contained in:
bossm8 2024-03-09 01:06:47 +01:00 committed by GitHub
parent 157e53b814
commit 9c384c7eb8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -985,10 +985,8 @@ stream {
{{ if not ( empty $server.CertificateAuth.MatchCN ) }}
{{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
location ~ ^/(?!(\.well-known/acme-challenge)) {
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
return 403 "client certificate unauthorized";
}
if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
return 403 "client certificate unauthorized";
}
{{ end }}
{{ end }}