Expose SSL client cert data to external auth provider. (#2078)

2018-03-19 08:30:36 -04:00 · 2018-03-19 08:30:36 -04:00 · de30e53d62
commit de30e53d62
parent 28e6f54a69
1 changed files with 15 additions and 0 deletions
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -748,6 +748,21 @@ stream {
            client_body_buffer_size     {{ $location.ClientBodyBufferSize }};
            {{ end }}

+            # Pass the extracted client certificate to the auth provider
+            {{ if not (empty $server.CertificateAuth.CAFileName) }}
+            {{ if $server.CertificateAuth.PassCertToUpstream }}
+            proxy_set_header ssl-client-cert        $ssl_client_escaped_cert;
+            {{ else }}
+            proxy_set_header ssl-client-cert        "";
+            {{ end }}
+            proxy_set_header ssl-client-verify      $ssl_client_verify;
+            proxy_set_header ssl-client-dn          $ssl_client_s_dn;
+            {{ else }}
+            proxy_set_header ssl-client-cert        "";
+            proxy_set_header ssl-client-verify      "";
+            proxy_set_header ssl-client-dn          "";
+            {{ end }}
+
            set $target {{ $location.ExternalAuth.URL }};
            proxy_pass $target;
        }