Nginx auth_request pass through client SSL certificate

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Nginx auth_request pass through client SSL certificate

Andrzej Walas
We use auth_request right now and it works great. However, we are making a
change that the authentication server in the future will only take SSL
requests and it also verifies client certificates. I couldn't seem to find
information online about how to pass through client SSL certificate when
using auth_request.

Current configuration:

  location = /_auth {
    internal;
    proxy_method POST;
    proxy_pass http://authentication-service;
  }


Now that the authentication service is https only and it requires client SSL
cert verification as well. By only changing to

 proxy_pass https://authentication-service;

doesn't work because it doesn't pass through the client SSL information from
the original request. I tried adding proxy_set_header for the X-SSL-CERT
header with $ssl_client_cert and it didn't work properly.

What's the best way that would allow me to continue to use the auth_request
module but allow passing through client SSL information from the original
request to the upstream?

Thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278291,278291#msg-278291

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx