vl-homutov
commented
6 years ago I would rather not. There are a lot of TLS-related (and not) options, and adding special header for each seems like a never-ending story. Probably we need a separate configuration file for daemon with rarely used options and a way to select it from nginx. The suggested option refers local file and this does not allow to run auth daemon in a stateless container, that gets all required configuration in headers. If you are adding certificates to host with auth daemon, you may as well configure it to run with corresponding command-line options. Will this work for you?
Our organisation has its own Certification Authority that issues all the internal certificates, including the LDAPS certificate. This patch adds support for setting a custom CA chain path through a new proxy header X-Ldap-CACertFile.