Nginx auth_request pass through client SSL certificate

spacerobot nginx-forum at forum.nginx.org
Tue Jan 30 03:34:09 UTC 2018


We use auth_request right now and it works great. However, we are making a
change that the authentication server in the future will only take SSL
requests and it also verifies client certificates. I couldn't seem to find
information online about how to pass through client SSL certificate when
using auth_request.

Current configuration:

  location = /_auth {
    internal;
    proxy_method POST;
    proxy_pass http://authentication-service;
  }


Now that the authentication service is https only and it requires client SSL
cert verification as well. By only changing to

 proxy_pass https://authentication-service;

doesn't work because it doesn't pass through the client SSL information from
the original request. I tried adding proxy_set_header for the X-SSL-CERT
header with $ssl_client_cert and it didn't work properly.

What's the best way that would allow me to continue to use the auth_request
module but allow passing through client SSL information from the original
request to the upstream?

Thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278291,278291#msg-278291



More information about the nginx mailing list