Re: Nginx can’t proxy client certificate authentication

Francis Daly
March 16, 2019 06:10AM
On Fri, Mar 15, 2019 at 10:38:25AM -0400, WoMa wrote:

Hi there,

> I have path: request https -> nginx -> haproxy -> http application
> It works fine until I add client certificate authentication on haproxy.
> When I add client certificate authentication on haproxy I am getting an error on
> nginx:

Nothing can proxy (at an application level) client certificate authentication.

That is the point of certificates.

> When I test it without nginx (https -> haproxy -> http application ) I can
> authenticate with a client certificate
> and all works fine.

You could try a tcp-level proxy, which in nginx is spelled "stream". But...

> (On nginx proxy to haproxy only location /contextroot1 and location
> /contextroot2)

....then you lose the http-level facilities, like handling locations.

> Any help or suggestions are appreciated.

In nginx, you could include a header that includes an indication of the
client certificate and the fact that nginx has confirmed that the client
does have the certificate.

Then in haproxy, you would have to add something so that it trusts,
without verifying, that the client has the indicated certificate. (If
that header comes in a request from nginx.)

I do not know if the suggested haproxy config is possible.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
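
The two options mentioned in the reply above, sketched as one nginx configuration. This is an added example, not part of the original post or the poster's configuration; the addresses, ports, file paths, server name and `X-SSL-Client-*` header names are assumptions chosen for illustration.

```nginx
events {}

# Option A: TCP-level pass-through ("stream"). nginx does not decrypt the
# session, so haproxy still performs the client-certificate handshake
# with the real client. No location matching is possible at this level.
stream {
    server {
        listen 8443;
        proxy_pass 192.0.2.10:443;    # haproxy TLS frontend (placeholder address)
    }
}

# Option B: nginx terminates TLS, verifies the client certificate itself,
# and tells haproxy the outcome in request headers.
http {
    server {
        listen 443 ssl;
        server_name example.test;      # placeholder name

        ssl_certificate        /etc/nginx/tls/server.crt;
        ssl_certificate_key    /etc/nginx/tls/server.key;
        ssl_client_certificate /etc/nginx/tls/client-ca.crt;  # CA that issues client certs
        ssl_verify_client      on;     # requests without a valid client cert are rejected

        # proxy_set_header replaces any same-named header the client sent,
        # so a client cannot supply its own verification result. Set at
        # server level, these are inherited by both locations below.
        proxy_set_header Host                     $host;
        proxy_set_header X-SSL-Client-Verify      $ssl_client_verify;      # SUCCESS on a valid cert
        proxy_set_header X-SSL-Client-S-DN        $ssl_client_s_dn;        # subject DN
        proxy_set_header X-SSL-Client-Fingerprint $ssl_client_fingerprint; # SHA1 of the cert

        location /contextroot1 {
            proxy_pass http://192.0.2.10:8080;   # haproxy plain-HTTP frontend (placeholder)
        }
        location /contextroot2 {
            proxy_pass http://192.0.2.10:8080;
        }
    }
}
```

With option B the backend is trusting nginx's word, so the listener that accepts these headers has to be reachable only from nginx; the haproxy side of that trust is not shown here.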