Question

0

499

Views

extract CN from client's certificate on nginx-ingress

I'm using kubernetes/ingress-nginx. Task is to extract CN field from client's certificate using nginx ingress. I was searching for a while and found a solution:

   map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
    default "";
    ~CN=(?<CN>[^/,\"]+) $CN;
  }

But I can't adapt this code for nginx ingress.That's what I currently have and it doesn't work.

nginx.ingress.kubernetes.io/http-snippets: |
  map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
    default "";
    ~CN=(?<CN>[^/,\"]+) $CN;
  }
nginx.ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header Remote-User $ssl_client_s_dn_cn;

Probably someone faced with it and know how to adjust this properly, as I'm out of ideas.
If you know more elegant way to do it please share you knowledge here.
Thanks in advance.

over 3 years ago · Santiago Trujillo

1 answers

Answer question

0

Answer question

Find remote jobs

Accepted Answer · 2022-05-09T16:47:56.767Z

I found a solution,hope it may help someone:

    nginx.ingress.kubernetes.io/http-snippet: |
     map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
       default "";
       ~CN=(?<CN>[^/,\"]+) $CN;
     };

    nginx.ingress.kubernetes.io/location-snippet: |
     proxy_set_header REMOTE-USER $ssl_client_s_dn_cn;

0

499

extract CN from client's certificate on nginx-ingress

1 answers

0

Find remote jobs

Andres GPT