Add more example to SSLauth

HowtoSSLauth.md

@@ -24,15 +24,41 @@ OpenSSL 1.0.2h  3 May 2016
 
 ~~~
 SSLCACertificateFile /etc/ssl/certs/CA.pem
-SSLVerifyDepth 1
+SSLVerifyClient optional
-SSLVerifyClient require
+#SSLVerifyClient require
+SSLOptions +FakeBasicAuth
 ~~~
 
 ### Nginx
 
+/etc/nginx/sites-enabled/vhostname
+
 ~~~
 ssl_client_certificate /etc/ssl/certs/CA.pem;
-ssl_verify_client require;
+ssl_verify_client optional;
+#ssl_verify_client on;
+~~~
+
+/etc/nginx/conf.d/ssl-client.conf
+
+~~~
+map $ssl_client_s_dn $ssl_client_s_cn
+{
+    default "";
+    ~/CN=(?<CN>[^/]+) $CN;
+}
+~~~
+
+Authentification via proxy :
+
+~~~
+proxy_set_header X-Authenticated-User $ssl_client_s_cn;
+~~~
+
+Authentification via fastcgi :
+
+~~~
+fastcgi_param REMOTE_USER $ssl_client_s_cn;
 ~~~
 
 ### Dovecot
@@ -66,6 +92,21 @@ passdb {
 jdoe:{plain}::::::nopassword
 ~~~
 
+## Coté application web
+
+### Gogs / Gitea
+
+app.ini
+
+~~~
+[security]
+REVERSE_PROXY_AUTHENTICATION_USER = X-Authenticated-User
+
+[service]
+ENABLE_REVERSE_PROXY_AUTHENTICATION = true
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+~~~
+
 ## Coté client
 
 ### Curl