mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-08-04 16:33:32 +00:00
6cf91a2e70
drop_unauthorized returns 444 when a client is not authorized as opposed to 403. It can be used with Client Certificate authorization.
32 lines
851 B
Plaintext
32 lines
851 B
Plaintext
{% if access_list_id > 0 %}
|
|
{% if access_list.clientcas.size > 0 %}
|
|
# TLS Client Certificate Authorization
|
|
if ($ssl_client_verify != "SUCCESS") {
|
|
return {% if drop_unauthorized == 1 %}444{% else %}403{% endif %};
|
|
}
|
|
{% endif %}
|
|
{% if access_list.items.length > 0 %}
|
|
# Authorization
|
|
auth_basic "Authorization required";
|
|
auth_basic_user_file /data/access/{{ access_list_id }};
|
|
|
|
{% if access_list.pass_auth == 0 %}
|
|
proxy_set_header Authorization "";
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
# Access Rules: {{ access_list.clients | size }} total
|
|
{% for client in access_list.clients %}
|
|
{{client | nginxAccessRule}}
|
|
{% endfor %}
|
|
deny all;
|
|
|
|
# Access checks must...
|
|
{% if access_list.satisfy_any == 1 %}
|
|
satisfy any;
|
|
{% else %}
|
|
satisfy all;
|
|
{% endif %}
|
|
{% endif %}
|