Problems with client authentication and reverse-proxy

1. Caddy version (caddy version):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

caddy run

a. System environment:

NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"

d. My complete Caddyfile or JSON config:

(proxy_upstream) {
        # Enable access logging to STDOUT
        log

        # mTLS terminates at Caddy; this is a separate TLS connection to the upstream
        reverse_proxy https://BACKEND.com {
                header_up Host {upstream_hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                        #tls_insecure_skip_verify
                        compression off
                }
        }
}

https://FRONTEND.com {
        tls internal {
                client_auth {
                        mode require
                        trusted_leaf_cert_file /path/to/client.pem
                }
        }
        import proxy_upstream
}

3. The problem I’m having:

I'm trying to use client authentication with Caddy; if auth is OK, the request is sent to the backend. The request to the backend should not include client authentication; this is only between the client and the Caddy reverse proxy.
I would like to allow only a single client certificate.

4. Error messages and/or full log output:

I never see the inbound request in my stdout log.

What’s the problem exactly? What’s not working? What’s in your logs?

I got it working; I changed the trusted_leaf_cert to base64-encoded DER. Thanks
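As an added example (not code from the original thread or from the Caddy project), the following POSIX shell script produces the base64-encoded DER value that `trusted_leaf_cert` takes inline and renders a Caddyfile that pins exactly one client certificate. It uses the placeholder names FRONTEND.com, BACKEND.com and client.pem from the post, and assumes `openssl` is on the path only for the optional cross-check.

```shell
#!/bin/sh
# Added example, not code from the original thread or the Caddy project.
# Produces the base64-encoded DER string that Caddy's `client_auth { trusted_leaf_cert ... }`
# takes inline, and renders a Caddyfile that pins exactly that one client certificate.
# FRONTEND.com, BACKEND.com and client.pem are the placeholders used in the post.

# A PEM certificate is already base64-encoded DER, wrapped in BEGIN/END armor and
# broken into 64-column lines. The single-line value Caddy wants is therefore the
# body of the first CERTIFICATE block with the armor and all whitespace removed.
pem_to_b64der() {
    awk '/-----BEGIN CERTIFICATE-----/ { inbody = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         inbody { gsub(/[[:space:]]/, ""); printf "%s", $0 }' "$1"
}

# Optional cross-check when openssl is installed: re-encoding the DER that openssl
# extracts must give the same string, otherwise the file is not a plain PEM certificate.
check_with_openssl() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping cross-check" >&2; return 0; }
    want=$(openssl x509 -in "$1" -outform DER | base64 | tr -d '\n')
    [ "$(pem_to_b64der "$1")" = "$want" ]
}

# Render a Caddyfile that accepts only the pinned client certificate on FRONTEND.com.
# `mode require` makes Caddy demand a client certificate; because trusted_leaf_cert is
# set, Caddy additionally compares the presented leaf byte-for-byte with the pinned DER.
# mTLS stops at Caddy: reverse_proxy opens its own TLS connection to BACKEND.com and
# does not forward the client certificate.
render_caddyfile() {
    cert_b64=$(pem_to_b64der "$1")
    cat <<EOF
https://FRONTEND.com {
	tls internal {
		client_auth {
			mode require
			trusted_leaf_cert $cert_b64
		}
	}
	log
	reverse_proxy https://BACKEND.com {
		header_up Host {upstream_hostport}
		header_up X-Forwarded-Host {host}
		transport http {
			compression off
		}
	}
}
EOF
}

# Usage: sh pin_client_cert.sh client.pem > Caddyfile
if [ -n "${1:-}" ]; then
    check_with_openssl "$1" || { echo "PEM body and openssl DER disagree for $1" >&2; exit 1; }
    render_caddyfile "$1"
fi
```

To confirm the pin from the client side, `curl --cert client.pem --key client.key https://FRONTEND.com/` should reach the backend, while the same request without `--cert` (or with any other certificate) should fail during the TLS handshake and never appear in the upstream's logs; Caddy's own access log, enabled by the `log` directive, is where the accepted request shows up.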

