diff options
| author | Tobias Wiese <tobias@tobiaswiese.com> | 2021-01-30 16:46:57 +0100 |
|---|---|---|
| committer | Tobias Wiese <tobias@tobiaswiese.com> | 2021-01-30 16:46:57 +0100 |
| commit | 8b6e18e950f7df9dd35304e0b2e2200ba2624ebe (patch) | |
| tree | 9004ab2e9dcc811dd978397941a416cbff499764 | |
| parent | 0fa93821680fdf1c25105afb60da8d2ec065c1be (diff) | |
http: Use client certificate
For some http requests nginx checks if the user is authenticated with a
client certificate and denies that request otherwise.
This adds client certificate authentication to http checks, so that the
requests are actually handled.
Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | zones.d/master/services.conf | 2 |
2 files changed, 4 insertions, 0 deletions
@@ -1 +1,3 @@ /master-secrets.conf +/client.crt +/client.key diff --git a/zones.d/master/services.conf b/zones.d/master/services.conf index a468dc4..4195995 100644 --- a/zones.d/master/services.conf +++ b/zones.d/master/services.conf @@ -67,6 +67,8 @@ template Service "http" { vars += { http_vhost = http_vhost http_sni = true + http_clientcert = "/etc/icinga2/client.crt" + http_privatekey = "/etc/icinga2/client.key" http_warn_time = 0.2s http_critical_time = 0.3s } |