mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-08-04 16:33:32 +00:00
When an access list contains client CAs, the combined CA auth file is added to all location blocks via an `if` statement. This allows LetsEncrypt and other support paths to work, while correctly denying access to the protected resources.
{% comment %}
Access-list fragment, rendered only when the host has an access list
(access_list_id > 0). In order it emits: an optional TLS client-certificate
gate, optional HTTP basic auth, the per-client access rules followed by a
default deny, and the satisfy mode that combines basic auth with those rules.
{% endcomment %}
{% if access_list_id > 0 %}
    {% comment %}
    Client-certificate gate: any request whose certificate did not verify as
    SUCCESS is answered with 403. "return" inside "if" belongs to the rewrite
    module and runs before the access-phase checks below, so "satisfy any"
    does not relax it: a verified certificate is always required when the
    list has client CAs.
    NOTE(review): assumes ssl_client_certificate and a non-mandatory
    ssl_verify_client mode are configured outside this template - confirm.
    {% endcomment %}
    {% if access_list.clientcas.size > 0 %}
    # TLS Client Certificate Authorization
    if ($ssl_client_verify != "SUCCESS") {
        return 403;
    }
    {% endif %}
    {% comment %}
    Basic auth is emitted only when the list has user entries. The credential
    file path is derived from the numeric list id; the file is presumably
    written elsewhere in htpasswd format - verify against the caller.
    {% endcomment %}
    {% if access_list.items.length > 0 %}
    # Authorization
    auth_basic "Authorization required";
    auth_basic_user_file /data/access/{{ access_list_id }};

    {% comment %}
    With pass_auth == 0 the Authorization header is blanked so the proxy
    credentials are not forwarded to the upstream application.
    NOTE(review): nginx inherits proxy_set_header from the outer level only
    when none is set at the current level; check that headers set by the
    including block still apply where this line is rendered.
    {% endcomment %}
    {% if access_list.pass_auth == 0 %}
    proxy_set_header Authorization "";
    {% endif %}

    {% endif %}

    {% comment %}
    Each client entry is rendered by the nginxAccessRule filter (defined
    outside this file; presumably one allow or deny line per entry). nginx
    applies the first matching rule, so the unconditional "deny all" is the
    default for every address not matched above.
    NOTE(review): "deny all" is emitted even when access_list.clients is
    empty; together with "satisfy all" that would reject every request unless
    the caller prevents the combination - confirm.
    {% endcomment %}
    # Access Rules: {{ access_list.clients | size }} total
    {% for client in access_list.clients %}
    {{client | nginxAccessRule}}
    {% endfor %}
    deny all;

    {% comment %}
    satisfy any: a request passes if either the address rules or basic auth
    accept it, so an allowed address is not asked for credentials.
    satisfy all: both must accept. Any value of satisfy_any other than 1
    falls through to the stricter "satisfy all".
    {% endcomment %}
    # Access checks must...
    {% if access_list.satisfy_any == 1 %}
    satisfy any;
    {% else %}
    satisfy all;
    {% endif %}
{% endif %}