On Fri, Mar 15, 2019 at 10:38:25AM -0400, WoMa wrote:
Hi there,
> I have path: request https -> nginx -> haproxy -> http application
> It works fine until I add client certificate authentication on haproxy.
> When I add client certificate authentication on haproxy I getting error on
> nginx:
Nothing can proxy (at an application level) client certificate authentication.
That is the point of certificates.
> When I test it without nginx (https -> haproxy -> http application ) I can
> authenticate with a client certificate
> and all work fine.
You could try a tcp-level proxy, which in nginx is spelled "stream". But...
> (On nginx proxy to haproxy only location /contextroot1 and location
> /contextroot2)
....then you lose the http-level facilities, like handling locations.
> Any help or suggestions are appreciated.
In nginx, you could include a header that includes an indication of the
client certificate and the fact that nginx has confirmed that the client
does have the certificate.
Then in haproxy, you would have to add something so that it trusts,
without verifying, that the client has the indicated certificate. (If
that header comes in a request from nginx.)
I do not know if the suggested haproxy config is possible.
Good luck with it,
f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx