Интеграции — Basic, Bearer и mTLS на практике — Терминация на Ingress (Nginx)

Код IT Загрузка примера кода…

server {
    listen 443 ssl;
    server_name api.payments.example;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    ssl_client_certificate /etc/nginx/tls/partners-ca.crt;
    ssl_verify_client    on;
    ssl_verify_depth     2;

    location /v1/ {
        if ($ssl_client_s_dn = "") { return 403; }
        proxy_set_header X-Client-Cert-Subject $ssl_client_s_dn;
        proxy_pass http://payments-api;
    }
}

server {
    listen 443 ssl;
    server_name api.payments.example;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    ssl_client_certificate /etc/nginx/tls/partners-ca.crt;
    ssl_verify_client    on;
    ssl_verify_depth     2;

    location /v1/ {
        if ($ssl_client_s_dn = "") { return 403; }
        proxy_set_header X-Client-Cert-Subject $ssl_client_s_dn;
        proxy_pass http://payments-api;
    }
}