ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-04 16:33:32 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add template support for all host types to do client CA authorization

Browse Source 
When an access list contains client CAs, the combined CA auth file is
added to all location blocks via an `if` statement. This allows
LetsEncrypt and other support paths to work, while correctly denying
access to the protected resources.
This commit is contained in:
Will Rouesnel
2023-05-29 02:29:42 +10:00
parent fb766d14e9
commit 366efc8ac2
4 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/internal/proxy-host.js
View File

@@ -74,7 +74,7 @@ const internalProxyHost = {
// re-fetch with cert
return internalProxyHost.get(access, {
id: row.id,
expand: ['certificate', 'owner', 'access_list.[clients,items]']
expand: ['certificate', 'owner', 'access_list.[clientcas.certificate,clients,items]']
});
})
.then((row) => {
@@ -188,7 +188,7 @@ const internalProxyHost = {
.then(() => {
return internalProxyHost.get(access, {
id: data.id,
expand: ['owner', 'certificate', 'access_list.[clients,items]']
expand: ['owner', 'certificate', 'access_list.[clientcas.certificate,clients,items]']
})
.then((row) => {
if (!row.enabled) {
@@ -225,7 +225,7 @@ const internalProxyHost = {
.query()
.where('is_deleted', 0)
.andWhere('id', data.id)
.allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
.allowGraph('[owner,access_list.[clientcas.certificate,clients,items],certificate]')
.first();
if (access_data.permission_visibility !== 'all') {
@@ -308,7 +308,7 @@ const internalProxyHost = {
.then(() => {
return internalProxyHost.get(access, {
id: data.id,
expand: ['certificate', 'owner', 'access_list']
expand: ['certificate', 'owner', 'access_list.[clientcas.certificate]']
});
})
.then((row) => {