
Add more example to SSLauth

master
vlaborie 3 years ago
Parent
commit
06e8e9ca5e
1 changed file with 44 additions and 3 deletions
HowtoSSLauth.md

@@ -24,15 +24,41 @@ OpenSSL 1.0.2h 3 May 2016

~~~
SSLCACertificateFile /etc/ssl/certs/CA.pem
SSLVerifyDepth 1
SSLVerifyClient require
SSLVerifyClient optional
#SSLVerifyClient require
SSLOptions +FakeBasicAuth
~~~

### Nginx

/etc/nginx/sites-enabled/vhostname

~~~
ssl_client_certificate /etc/ssl/certs/CA.pem;
ssl_verify_client require;
ssl_verify_client optional;
#ssl_verify_client on;
~~~

/etc/nginx/conf.d/ssl-client.conf

~~~
map $ssl_client_s_dn $ssl_client_s_cn
{
default "";
~/CN=(?<CN>[^/]+) $CN;
}
~~~

Authentification via proxy :

~~~
proxy_set_header X-Authenticated-User $ssl_client_s_cn;
~~~

Authentification via fastcgi :

~~~
fastcgi_param REMOTE_USER $ssl_client_s_cn;
~~~

### Dovecot
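
Review bot: With `SSLVerifyClient optional` and `ssl_verify_client optional;` as the active settings, a request that presents no client certificate still completes the handshake and reaches the `proxy_set_header X-Authenticated-User` and `fastcgi_param REMOTE_USER` lines with an empty `$ssl_client_s_cn`, and nothing in this hunk rejects that case. Suggest documenting a guard beside those two lines, for example refusing the request unless `$ssl_client_verify` is `SUCCESS`, or stating explicitly that the backend must treat an empty or absent user as unauthenticated. Separately, the map pattern `~/CN=(?<CN>[^/]+)` expects the slash-separated DN form; since nginx 1.11.6 `$ssl_client_s_dn` holds the RFC 2253 comma-separated form and the old form lives in `$ssl_client_s_dn_legacy`, so the doc should say which variable and nginx version this map targets, otherwise the CN silently maps to the `default ""`.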
@@ -66,6 +92,21 @@ passdb {
jdoe:{plain}::::::nopassword
~~~

## Coté application web

### Gogs / Gitea

app.ini

~~~
[security]
REVERSE_PROXY_AUTHENTICATION_USER = X-Authenticated-User

[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
~~~

## Coté client

### Curl
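
Review bot: The `app.ini` block enables `ENABLE_REVERSE_PROXY_AUTHENTICATION` and trusts `X-Authenticated-User`, but the section does not say that Gogs / Gitea must then be reachable only through the Nginx vhost that sets that header. Suggest adding a line stating that the application listens on loopback or a socket only (for example via `HTTP_ADDR` in `[server]`), since any client that can reach it directly can supply the header itself. It is also worth noting here that with `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false` the account named by the certificate CN has to exist beforehand.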

