From 06e8e9ca5ec6fb056acec550b064a42e5c73babc Mon Sep 17 00:00:00 2001 From: vlaborie Date: Sat, 13 May 2017 22:50:49 +0200 Subject: [PATCH] Add more example to SSLauth --- HowtoSSLauth.md | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/HowtoSSLauth.md b/HowtoSSLauth.md index de14e16d..eb0a4eb2 100644 --- a/HowtoSSLauth.md +++ b/HowtoSSLauth.md @@ -24,15 +24,41 @@ OpenSSL 1.0.2h 3 May 2016 ~~~ SSLCACertificateFile /etc/ssl/certs/CA.pem -SSLVerifyDepth 1 -SSLVerifyClient require +SSLVerifyClient optional +#SSLVerifyClient require +SSLOptions +FakeBasicAuth ~~~ ### Nginx +/etc/nginx/sites-enabled/vhostname + ~~~ ssl_client_certificate /etc/ssl/certs/CA.pem; -ssl_verify_client require; +ssl_verify_client optional; +#ssl_verify_client on; +~~~ + +/etc/nginx/conf.d/ssl-client.conf + +~~~ +map $ssl_client_s_dn $ssl_client_s_cn +{ + default ""; + ~/CN=(?[^/]+) $CN; +} +~~~ + +Authentification via proxy : + +~~~ +proxy_set_header X-Authenticated-User $ssl_client_s_cn; +~~~ + +Authentification via fastcgi : + +~~~ +fastcgi_param REMOTE_USER $ssl_client_s_cn; ~~~ ### Dovecot @@ -66,6 +92,21 @@ passdb { jdoe:{plain}::::::nopassword ~~~ +## Coté application web + +### Gogs / Gitea + +app.ini + +~~~ +[security] +REVERSE_PROXY_AUTHENTICATION_USER = X-Authenticated-User + +[service] +ENABLE_REVERSE_PROXY_AUTHENTICATION = true +ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false +~~~ + ## Coté client ### Curl
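Review bot: In the Apache and Nginx examples the switch from `require` to `optional` means a request with no client certificate is now accepted, and the how-to does not say what must reject it. On the Nginx side `$ssl_client_s_cn` is simply empty in that case, so I would add a sentence that protected locations need a guard such as `if ($ssl_client_verify != SUCCESS) { return 403; }`, or that the backend must treat an empty user as unauthenticated. On the Apache side `SSLOptions +FakeBasicAuth` only enforces anything when an access rule (`Require valid-user` or similar) is present, which the snippet does not show. The `map` matches `/CN=` in `$ssl_client_s_dn`, but from nginx 1.11.6 that variable uses the comma-separated RFC 2253 form and the slash form is in `$ssl_client_s_dn_legacy`, so on current versions the map would fall through to the empty default. The named capture also reads `(?[^/]+)` on this page, presumably `(?<CN>[^/]+)` lost in rendering, which is worth checking in the source file.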
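Review bot: The Gogs / Gitea section turns on `ENABLE_REVERSE_PROXY_AUTHENTICATION` without stating the precondition that makes it safe: the application then trusts whatever `X-Authenticated-User` value reaches it. I would add a sentence under `app.ini` saying the service must only be reachable through the proxy that sets this header, for example by binding it to loopback with `HTTP_ADDR = 127.0.0.1` under `[server]` or by firewalling the backend port. It should also say that every vhost or location proxying to it must carry the `proxy_set_header X-Authenticated-User $ssl_client_s_cn;` line, so that a client-supplied header is never forwarded unchanged. Keeping `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false` is a good default and could be called out as deliberate.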