Browse Source

Add more example to SSLauth

master
vlaborie 3 years ago
parent
commit
06e8e9ca5e
1 changed files with 44 additions and 3 deletions
  1. +44
    -3
      HowtoSSLauth.md

+ 44
- 3
HowtoSSLauth.md View File

@ -24,15 +24,41 @@ OpenSSL 1.0.2h 3 May 2016
~~~
SSLCACertificateFile /etc/ssl/certs/CA.pem
SSLVerifyDepth 1
SSLVerifyClient require
SSLVerifyClient optional
#SSLVerifyClient require
SSLOptions +FakeBasicAuth
~~~
### Nginx
/etc/nginx/sites-enabled/vhostname
~~~
ssl_client_certificate /etc/ssl/certs/CA.pem;
ssl_verify_client require;
ssl_verify_client optional;
#ssl_verify_client on;
~~~
/etc/nginx/conf.d/ssl-client.conf
~~~
map $ssl_client_s_dn $ssl_client_s_cn
{
default "";
~/CN=(?<CN>[^/]+) $CN;
}
~~~
Authentification via proxy :
~~~
proxy_set_header X-Authenticated-User $ssl_client_s_cn;
~~~
Authentification via fastcgi :
~~~
fastcgi_param REMOTE_USER $ssl_client_s_cn;
~~~
### Dovecot
@ -66,6 +92,21 @@ passdb {
jdoe:{plain}::::::nopassword
~~~
## Coté application web
### Gogs / Gitea
app.ini
~~~
[security]
REVERSE_PROXY_AUTHENTICATION_USER = X-Authenticated-User
[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
~~~
## Coté client
### Curl


Loading…
Cancel
Save