configs: nginx-demo config support both SSL cert + http auth
This commit is contained in:
parent
525b3d6b56
commit
bf426d2ed2
|
@ -1,4 +1,19 @@
|
|||
auth_basic "Restricted";
|
||||
auth_basic_user_file /srv/PKI/shared/ficpasswd;
|
||||
set $auth_basic "Challenge FIC";
|
||||
if ($ssl_client_verify != "SUCCESS") {
|
||||
set $team "$remote_user";
|
||||
set $needauth "1";
|
||||
}
|
||||
if ($ssl_client_verify = "SUCCESS") {
|
||||
set $team "_AUTH_ID_$ssl_client_serial";
|
||||
set $auth_basic off;
|
||||
set $needauth "0";
|
||||
}
|
||||
if (!-f /srv/PKI/shared/ficpasswd) {
|
||||
set $needauth "${needauth}0";
|
||||
}
|
||||
if ($needauth = "10") {
|
||||
return 401;
|
||||
}
|
||||
|
||||
set $team "$remote_user";
|
||||
auth_basic $auth_basic;
|
||||
auth_basic_user_file /srv/PKI/shared/ficpasswd;
|
||||
|
|
|
@ -17,6 +17,10 @@ server {
|
|||
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
||||
|
||||
ssl_client_certificate /srv/PKI/shared/ca.pem;
|
||||
ssl_trusted_certificate /srv/PKI/shared/ca.pem;
|
||||
ssl_verify_client optional;
|
||||
|
||||
root /srv/htdocs-frontend/;
|
||||
|
||||
error_page 401 /welcome.html;
|
||||
|
|
Loading…
Reference in New Issue