mirror of git://git.savannah.gnu.org/guix/maintenance.git synced 2023-12-14 03:33:04 +01:00

nginx: berlin: Require authentication for Cuirass /admin routes.

* hydra/nginx/berlin.scm (berlin-locations): Require client
certificate authentication on /admin location.
(%berlin-servers): Verify client certificate optionally on
ci.guix.gnu.org.
Ricardo Wurmus 2019-10-30 13:11:28 +01:00
parent 16c4bd7162
commit 7b3957b7a2
No known key found for this signature in database
GPG key ID: 197A5888235FACAC


@ -171,6 +171,10 @@ PUBLISH-URL."
(nginx-location-configuration
(uri "/")
(body (list "proxy_pass http://localhost:8081;")))
(nginx-location-configuration
(uri "~ ^/admin")
(body
(list "if ($ssl_client_verify != SUCCESS) { return 403; } proxy_pass http://localhost:8081;")))
(nginx-location-configuration
(uri "/static")
@ -575,7 +579,11 @@ PUBLISH-URL."
"access_log /var/log/nginx/https.access.log;"
"proxy_set_header X-Forwarded-Host $host;"
"proxy_set_header X-Forwarded-Port $server_port;"
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"))))
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
;; For Cuirass admin interface authentication
"ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
"ssl_crl /etc/ssl-ca/private/ca.crl;"
"ssl_verify_client optional;"))))
(nginx-server-configuration
(listen '("443 ssl"))
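Review bot: The comment added above `ssl_client_certificate` in the second hunk does not say what the `/admin` check actually grants. With `ssl_verify_client optional;` plus the `$ssl_client_verify != SUCCESS` test, any unrevoked certificate that chains to `/etc/ssl-ca/certs/ca.crt` is accepted, and nothing visible here restricts the subject. I would expand the comment to something like `;; Cuirass /admin: any unrevoked client cert issued by this CA is accepted.` As far as I know nginx reads the `ssl_crl` file only when the configuration is loaded, so a second line such as `;; Reload nginx after updating ca.crl, and keep the CRL unexpired.` would help, since a revocation is otherwise not enforced until the next reload. As a style point, the `/admin` body in the first hunk packs two directives into one string; `(list "if ($ssl_client_verify != SUCCESS) { return 403; }" "proxy_pass http://localhost:8081;")` would match the one-directive-per-string form used in the server block. Both enclosing forms start and end outside the hunks shown.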