1. Caddy version (caddy version):
Caddy v2 / Debian package
2. How I run Caddy:
caddy run + json file
a. System environment:
Linux Debian
b. Command:
caddy run
curl localhost:2019/load -X POST -H "Content-Type: application/json" -d @nagios_formated.json
c. Service/unit/compose file:
d. My complete Caddyfile or JSON config:
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"logs": {
"logger_names": {
"caddy.test.local": "log0"
}
},
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "10.13.102.50:80"
}
],
"headers": {
"request": {
"add": {
"CENTREON":["{SSL_CLIENT_SAN_Email_0}"]
}
}
}
}
]
}
]
}
],
"match": [
{
"host": [
"caddy.test.local"
]
}
],
"terminal": true
}
],
"tls_connection_policies": [
{
"certificate_selection": {
"any_tag": [
"cert0"
]
},
"client_authentication": {
"mode": "require_and_verify",
"trusted_ca_certs": [
"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"
]
},
"match": {
"sni": [
"caddy.test.local"
]
},
"protocol_min": "tls1.2"
},
{}
]
}
}
},
"tls": {
"certificates": {
"load_files": [
{
"certificate": "/etc/caddy/ssl/caddy_test.local.cer",
"key": "/etc/caddy/ssl/caddy_test.local.key",
"tags": [
"cert0"
]
}
]
}
}
},
"logging": {
"logs": {
"default": {
"exclude": [
"http.log.access.log0"
],
"level":"DEBUG"
},
"log0": {
"include": [
"http.log.access.log0"
],
"level":"DEBUG",
"writer": {
"filename": "/var/log/access.log",
"output": "file"
}
}
}
}
}
CENTREON:[{SSL_CLIENT_SAN_Email_0}]
3. The problem I’m having:
Hi,
I’m setting up a reverse proxy to access an application. I want to control access with client certificates on the Caddy reverse proxy (this part is working).
Now I want to pass a variable to my upstream server: I need to read {SSL_CLIENT_SAN_Email_0} from my client cert and send it to my server.
4. Error messages and/or full log output:
No error, but phpinfo displays a null value:
$_SERVER['HTTP_CENTREON'] *no value*
5. What I already tried:
I tried different values:
- CENTREON:[{SSL_CLIENT_SAN_Email_0}]
- CENTREON:[{env.SSL_CLIENT_SAN_Email_0}]
Same thing.
If I hardcode an email address, it works and PHP receives the correct value:
- CENTREON:["test@email.com"]
Does someone have an idea of how to set this up?
Thanks in advance
Juju