Closed pielgrzym closed 2 years ago
Thanks for the suggestion but I think mutual TLS termination belongs at the reverse proxy level.
mTLS would add significant code and config complexity for what is a quite niche deployment scenario. It would need the ability to have no TLS, TLS and mTLS, with several configuration options for each scenario; this would bloat out an already large number of config parameters. On top of that, it would need to be able to have certain routes (i.e. the Mailgun incoming route) that aren't subject to mTLS, which would require routing refactoring.
Finally, I just don't have any experience with mTLS and there are some glaring issues with bk that I'd rather sort out first (logging and UI/UX) before tackling TLS.
Closing this issue as wontfix.
Hi,
Love your no-bullshit approach. Is it possible you could add client SSL cert validation? This would solve authentication issues, without the need to deploy, say, Nginx in front of burner.kiwi.
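The per-route exemption raised in the maintainer's reply, sketched in Go as an added example (it is not part of this thread and not burner.kiwi code): the TLS layer verifies a client certificate only if one is presented, and a middleware enforces it everywhere except the exempt route. The path `/mg/incoming/` and the names `mTLSConfig`, `requireClientCert` and `statusFor` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// exemptPrefix is a hypothetical path standing in for the Mailgun incoming route.
const exemptPrefix = "/mg/incoming/"

// mTLSConfig accepts handshakes without a client cert but verifies any cert presented.
func mTLSConfig(clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12,
		ClientAuth: tls.VerifyClientCertIfGiven, ClientCAs: clientCAs}
}

// requireClientCert answers 403 unless the route is exempt or a verified chain exists.
func requireClientCert(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clean := path.Clean("/"+r.URL.Path) + "/" // resolve "../" before matching
		exempt := strings.HasPrefix(clean, exemptPrefix)
		if !exempt && (r.TLS == nil || len(r.TLS.VerifiedChains) == 0) {
			http.Error(w, "client certificate required", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the middleware.
func statusFor(target string, verified bool) int {
	req := httptest.NewRequest(http.MethodGet, target, nil)
	if verified { // constructed stand-in for a completed mTLS handshake
		req.TLS = &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{&x509.Certificate{}}}}
	}
	rec := httptest.NewRecorder()
	inner := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // app handler, 200
	requireClientCert(inner).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("/inbox", false), statusFor("/inbox", true),
		statusFor("/mg/incoming/abc", false), statusFor("/mg/incoming/../inbox", false))
}
```

On a real listener the value returned by `mTLSConfig` would be set as the `TLSConfig` of an `http.Server`; the same split can be done at a reverse proxy instead, which is what the reply recommends.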