Closed rhomeister closed 9 years ago
Note that the biggest change is a refactor of the nginx_conf.erb. SSL client authentication operates on a different port. Since the server directives of the main port (443) and the SSL client authentication port are almost identical, I dried the code a little by rendering the server directive template twice.
Hi @rhomeister, the feature blows my mind since I'm not sure I understand what to use it for. But I'm okay with this getting merged if you use this.
I left 2 minor comments in the code. It would be great if you fixed those.
Also, can you please update the CHANGELOG file?
Other than this, merge when you're ready.
Hi @rhomeister, I've also added you as a gem owner in #49 :tada: :tada: That way you can make a new release to rubygems.org when this is merged.
@bruno- Done. I've also added a lot more documentation and explanation about this feature to the wiki.
Released as 3.3.0
This commit makes it possible to perform client authentication via SSL certificates. The client provides an SSL certificate which is passed to Rails. Based on custom computation, controllers can decide whether to grant access.
This commit changes the following:
nginx_pass_ssl_client_cert. If true, nginx is configured to pass the SSL certificate of the client to Rails. Rails receives these as request.headers['X-Client-Cert'] or request.headers['rack.session']['X-Client-Cert']
template method.
nginx_pass_ssl_client_cert is true, an additional server directive is generated for port 444, which accepts SSL client certificate authentication.
If this pull request is accepted, I will add additional documentation and information on how to create controllers for validating the SSL certificate of the client. The main benefit of passing SSL certificates to Rails, instead of configuring these in nginx, is that no nginx configuration has to be changed when adding or revoking SSL certificates. Moreover, different controllers can allow different SSL sets of certificates, without creating additional server or location directives in nginx conf.
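The application-side check that the commit message describes could look like the following. This is an added example, not code from the pull request or the gem: it parses the certificate from the X-Client-Cert header value and grants access only when the certificate is unexpired and its SHA-256 fingerprint is on an allowlist kept by the application. The method names, the fingerprint allowlist and the tab-folded header format are assumptions.

```ruby
require "openssl"

# Added example; all method names here are hypothetical, not the gem's API.
PEM_CERT = /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/m

# A PEM certificate reaches a header folded (tabs or spaces where the
# newlines were), so rebuild the DER from the base64 body alone.
def parse_client_cert(header_value)
  match = PEM_CERT.match(header_value.to_s)
  return nil unless match
  OpenSSL::X509::Certificate.new(match[1].gsub(/\s+/, "").unpack1("m"))
rescue OpenSSL::X509::CertificateError
  nil
end

def fingerprint(cert)
  OpenSSL::Digest.new("SHA256").hexdigest(cert.to_der)
end

# Grant access only to unexpired certificates whose SHA-256 fingerprint is
# on the application's allowlist; revoking is deleting a list entry.
def client_authorized?(header_value, allowed_fingerprints, now: Time.now)
  cert = parse_client_cert(header_value)
  return false if cert.nil?
  return false if now < cert.not_before || now > cert.not_after
  allowed_fingerprints.include?(fingerprint(cert))
end

# Constructed sample input: a throwaway self-signed client certificate.
def sample_cert(common_name, not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 7200
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("alice")
  header = cert.to_pem.gsub("\n", "\n\t") # constructed tab-folded header value
  puts client_authorized?(header, [fingerprint(cert)])
  puts client_authorized?(header, [])
end
```

A check like this is only meaningful if nginx overwrites X-Client-Cert on every listener that reaches the application, including the main port, so that a value typed in by a client never arrives as if it had come from the TLS handshake.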