Add annotation to enable passing the certificate to the upstream server

2017-11-17 21:28:45 -03:00 · 2017-11-17 21:28:45 -03:00 · 2223ea9600
commit 2223ea9600
parent de37e8ea89
3 changed files with 30 additions and 7 deletions
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -756,7 +756,11 @@ stream {

            # Pass the extracted client certificate to the backend
            {{ if not (empty $server.CertificateAuth.CAFileName) }}
+            {{ if $server.CertificateAuth.PassCertToUpstream }}
            proxy_set_header ssl-client-cert        $ssl_client_raw_cert;
+            {{ else }}
+            proxy_set_header ssl-client-cert        "";
+            {{ end }}
            proxy_set_header ssl-client-verify      $ssl_client_verify;
            proxy_set_header ssl-client-dn          $ssl_client_s_dn;
            {{ else }}