Add more example to SSLauth
This commit is contained in:
parent
6de040cebd
commit
06e8e9ca5e
|
@ -24,15 +24,41 @@ OpenSSL 1.0.2h 3 May 2016
|
|||
|
||||
~~~
|
||||
SSLCACertificateFile /etc/ssl/certs/CA.pem
|
||||
SSLVerifyDepth 1
|
||||
SSLVerifyClient require
|
||||
SSLVerifyClient optional
|
||||
#SSLVerifyClient require
|
||||
SSLOptions +FakeBasicAuth
|
||||
~~~
|
||||
|
||||
### Nginx
|
||||
|
||||
/etc/nginx/sites-enabled/vhostname
|
||||
|
||||
~~~
|
||||
ssl_client_certificate /etc/ssl/certs/CA.pem;
|
||||
ssl_verify_client require;
|
||||
ssl_verify_client optional;
|
||||
#ssl_verify_client on;
|
||||
~~~
|
||||
|
||||
/etc/nginx/conf.d/ssl-client.conf
|
||||
|
||||
~~~
|
||||
map $ssl_client_s_dn $ssl_client_s_cn
|
||||
{
|
||||
default "";
|
||||
~/CN=(?<CN>[^/]+) $CN;
|
||||
}
|
||||
~~~
|
||||
|
||||
Authentification via proxy :
|
||||
|
||||
~~~
|
||||
proxy_set_header X-Authenticated-User $ssl_client_s_cn;
|
||||
~~~
|
||||
|
||||
Authentification via fastcgi :
|
||||
|
||||
~~~
|
||||
fastcgi_param REMOTE_USER $ssl_client_s_cn;
|
||||
~~~
|
||||
|
||||
### Dovecot
|
||||
|
@ -66,6 +92,21 @@ passdb {
|
|||
jdoe:{plain}::::::nopassword
|
||||
~~~
|
||||
|
||||
## Coté application web
|
||||
|
||||
### Gogs / Gitea
|
||||
|
||||
app.ini
|
||||
|
||||
~~~
|
||||
[security]
|
||||
REVERSE_PROXY_AUTHENTICATION_USER = X-Authenticated-User
|
||||
|
||||
[service]
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
|
||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
||||
~~~
|
||||
|
||||
## Coté client
|
||||
|
||||
### Curl
|
||||
|
|
Loading…
Reference in New Issue