configs: nginx-demo config support both SSL cert + http auth

2019-01-21 02:14:45 +01:00 · 2019-01-21 02:14:45 +01:00 · bf426d2ed2
commit bf426d2ed2
parent 525b3d6b56
2 changed files with 22 additions and 3 deletions
--- a/configs/fic-auth-demo.conf
+++ b/configs/fic-auth-demo.conf
@ -1,4 +1,19 @@
-auth_basic "Restricted";
-auth_basic_user_file /srv/PKI/shared/ficpasswd;
+set $auth_basic "Challenge FIC";
+if ($ssl_client_verify != "SUCCESS") {
+    set $team "$remote_user";
+    set $needauth "1";
+}
+if ($ssl_client_verify = "SUCCESS") {
+    set $team "_AUTH_ID_$ssl_client_serial";
+    set $auth_basic off;
+    set $needauth "0";
+}
+if (!-f /srv/PKI/shared/ficpasswd) {
+    set $needauth "${needauth}0";
+}
+if ($needauth = "10") {
+    return 401;
+}

-set $team "$remote_user";
+auth_basic $auth_basic;
+auth_basic_user_file /srv/PKI/shared/ficpasswd;