Discover the new way to find a job!

Question

0

8

Views

extract CN from client's certificate on nginx-ingress

I'm using kubernetes/ingress-nginx. Task is to extract CN field from client's certificate using nginx ingress. I was searching for a while and found a solution:

   map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
    default "";
    ~CN=(?<CN>[^/,\"]+) $CN;
  }

But I can't adapt this code for nginx ingress.That's what I currently have and it doesn't work.

nginx.ingress.kubernetes.io/http-snippets: |
  map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
    default "";
    ~CN=(?<CN>[^/,\"]+) $CN;
  }
nginx.ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header Remote-User $ssl_client_s_dn_cn;

Probably someone faced with it and know how to adjust this properly, as I'm out of ideas.
If you know more elegant way to do it please share you knowledge here.
Thanks in advance.

10 days ago ·

Santiago Trujillo

1 answers

Answer question

0

Answer question

Remote jobs

Loading

Accepted Answer · 2022-05-09T16:47:56.767Z

I found a solution,hope it may help someone:

    nginx.ingress.kubernetes.io/http-snippet: |
     map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
       default "";
       ~CN=(?<CN>[^/,\"]+) $CN;
     };

    nginx.ingress.kubernetes.io/location-snippet: |
     proxy_set_header REMOTE-USER $ssl_client_s_dn_cn;