2024-12-05 10:06:12 -05:00
|
|
|
server {
|
|
|
|
|
listen 443 ssl http2;
|
|
|
|
|
listen [::]:443 ssl http2;
|
|
|
|
|
server_name cert.libraryofcode.org;
|
|
|
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
|
|
|
|
ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
2024-12-05 13:05:00 -05:00
|
|
|
ssl_verify_client optional_no_ca;
|
2024-12-05 10:06:12 -05:00
|
|
|
|
|
|
|
|
location / {
|
2024-12-22 22:12:25 -05:00
|
|
|
proxy_pass https://offsite-ejbca.mracs.dev;
|
2024-12-22 21:36:58 -05:00
|
|
|
proxy_set_header X-SSL-CERT $ssl_client_cert;
|
2024-12-05 13:05:00 -05:00
|
|
|
proxy_set_header X-Client-Verify $ssl_client_verify;
|
2024-12-22 21:59:29 -05:00
|
|
|
proxy_set_header X-Client-DN $ssl_client_s_dn;
|
|
|
|
|
proxy_set_header X-Client-Serial $ssl_client_serial;
|
2024-12-05 10:06:12 -05:00
|
|
|
}
|
2024-12-22 22:03:58 -05:00
|
|
|
|
|
|
|
|
location /test-headers {
|
2024-12-22 22:10:23 -05:00
|
|
|
return 200 "X-SSL-CERT: $ssl_client_cert\nX-Client-Verify: $ssl_client_verify\nX-Client-DN: $ssl_client_s_dn\nX-Client-Serial: $ssl_client_serial\n";
|
2024-12-22 22:03:58 -05:00
|
|
|
add_header Content-Type text/plain;
|
|
|
|
|
}
|
2024-12-05 10:06:12 -05:00
|
|
|
}
|
