1. Caddy version (caddy version):
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
2. How I run Caddy:
I run caddy as docker swarm reverse proxy: GitHub - lucaslorentz/caddy-docker-proxy: Caddy as a reverse proxy for Docker
a. System environment:
RancherOS v1.5.6, Docker CE 19.03.5, lucaslorentz/caddy-docker-proxy:2.3.0
b. Command:
I use caddy as docker swarm reverse proxy and it works fine!
Now I tested tls client_auth and it works too. I used an existing eToken and configured tls client auth.
caddy.tls.client_auth.mode: "require"
caddy.tls.client_auth.trusted_ca_cert_file: "/data/nwe/nwe-ca.cert"
Generated caddy config:
tls {
    client_auth {
        mode require
        trusted_ca_cert_file /data/nwe/nwe-ca.cert
    }
}
3. The problem I’m having:
If tls client auth fails (for example can’t be verified), there is a log entry, but in mode “require” (without verify) tls client auth is successful, but not logged?
- Is it possible to require a specified client / user certificate instead of just any client certificate?
- How to add the used client certificate to caddy log and http headers?
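
One way to configure what the post asks about, as an added example that is not part of the original post or the project's own code: the `require` mode shown above next to `require_and_verify`, an optional pin to one client certificate, and the certificate identity forwarded to the upstream. The hostname, the upstream address and the path `/data/nwe/allowed-client.cert` are assumptions.

```caddyfile
# Added example. app.example.com, backend:8080 and allowed-client.cert
# are placeholders; only nwe-ca.cert comes from the post.
app.example.com {
	tls {
		client_auth {
			# "require" only demands that some certificate is presented.
			# "require_and_verify" also validates it against the trusted CA.
			mode require_and_verify
			trusted_ca_cert_file /data/nwe/nwe-ca.cert
			# Optional pin: accept only this exact client certificate.
			trusted_leaf_cert_file /data/nwe/allowed-client.cert
		}
	}
	reverse_proxy backend:8080 {
		# Forward the client certificate identity to the upstream. header_up
		# sets the header, replacing any same-named value sent by the client.
		header_up X-Client-Cert-Subject {http.request.tls.client.subject}
		header_up X-Client-Cert-Serial {http.request.tls.client.serial}
		header_up X-Client-Cert-Fingerprint {http.request.tls.client.fingerprint}
	}
}
```

The upstream should trust these headers only when its sole ingress is this proxy.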