Adds support for error page in Client Certificate Authentication

controllers/nginx/configuration.md

@@ -47,6 +47,7 @@ The following annotations are supported:
 |[ingress.kubernetes.io/auth-url](#external-authentication)|string|
 |[ingress.kubernetes.io/auth-tls-secret](#certificate-authentication)|string|
 |[ingress.kubernetes.io/auth-tls-verify-depth](#certificate-authentication)|number|
+|[ingress.kubernetes.io/auth-tls-error-page](#certificate-authentication)|string|
 |[ingress.kubernetes.io/base-url-scheme](#rewrite)|string|
 |[ingress.kubernetes.io/client-body-buffer-size](#client-body-buffer-size)|string|
 |[ingress.kubernetes.io/configuration-snippet](#configuration-snippet)|string|
@@ -149,6 +150,12 @@ ingress.kubernetes.io/auth-tls-verify-depth
 
 The validation depth between the provided client certificate and the Certification Authority chain.
 
+```
+ingress.kubernetes.io/auth-tls-error-page
+```
+
+The URL/Page that user should be redirected in case of a Certificate Authentication Error
+
 Please check the [tls-auth](/examples/auth/client-certs/nginx/README.md) example.
 
 ### Configuration snippet

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -611,6 +611,9 @@ stream {
         ssl_client_certificate                  {{ $server.CertificateAuth.CAFileName }};
         ssl_verify_client                       on;
         ssl_verify_depth                        {{ $server.CertificateAuth.ValidationDepth }};
+        {{ if not (empty $server.CertificateAuth.ErrorPage)}}
+        error_page 495 496 = {{ $server.CertificateAuth.ErrorPage }};
+        {{ end }}
         {{ end }}
 
         {{ range $location := $server.Locations }}