We use auth_request right now and it works great. However, we are making a change that the authentication server in the future will only take SSL requests and it also verifies client certificates. I couldn't seem to find information online about how to pass through client SSL certificate when using auth_request.
Current configuration:
location = /_auth {
internal;
proxy_method POST;
proxy_pass http://authentication-service;
}
Now that the authentication service is https only and it requires client SSL cert verification as well. By only changing to
proxy_pass https://authentication-service;
doesn't work because it doesn't pass through the client SSL information from the original request. I tried adding proxy_set_header for the X-SSL-CERT header with $ssl_client_cert and it didn't work properly.
What's the best way that would allow me to continue to use the auth_request module but allow passing through client SSL information from the original request to the upstream?
Thanks!