DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Expose SSL client cert data to external auth provider. (#2078)

Browse source
This commit is contained in:
turettn 2018-03-19 08:30:36 -04:00 committed by Manuel Alejandro de Brito Fontes
parent 28e6f54a69
commit de30e53d62
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -748,6 +748,21 @@ stream {
client_body_buffer_size {{ $location.ClientBodyBufferSize }}; client_body_buffer_size {{ $location.ClientBodyBufferSize }};
{{ end }} {{ end }}
# Pass the extracted client certificate to the auth provider
{{ if not (empty $server.CertificateAuth.CAFileName) }}
{{ if $server.CertificateAuth.PassCertToUpstream }}
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
{{ else }}
proxy_set_header ssl-client-cert "";
{{ end }}
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-dn $ssl_client_s_dn;
{{ else }}
proxy_set_header ssl-client-cert "";
proxy_set_header ssl-client-verify "";
proxy_set_header ssl-client-dn "";
{{ end }}
set $target {{ $location.ExternalAuth.URL }}; set $target {{ $location.ExternalAuth.URL }};
proxy_pass $target; proxy_pass $target;
} }