Add Support for X-Forwarded-Tls-Client-Cert #12178
Labels
Comments
|
I would highly appreciate this feature! The best solution would be not only to add a list of supported headers but instead to be able to customize the forwarded headers to support all kind of proxies / load balancers in the future! |
|
We need exactly this feature for our environment with load balancer and client certificate authentication |
heatherezell
added
community-sentiment
|
@hsimon-hashicorp - Any update on this? - accepted/backlogged/planned? |
|
I would like to be able to use custom header like "X-SSL-Cert" with Nginx Reverse Proxy. I agree that there is need for this feature. I currently can't use cert auth due to this feature missing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Is your feature request related to a problem? Please describe.
Currently if you would like to enable certificate authentication, you cannot use SSL offloading since the SSL connection would terminate at the proxy and the only supported X- header is X-Forwarded-For.
Describe the solution you'd like
Add support for the various headers that allow a proxy to include the client cert.
Traefik = X-Forwarded-Tls-Client-Cert
Envoy = X-Forwarded-Client-Cert
F5 = X-Client-Cert
Describe alternatives you've considered
The other option is to disable SSL offloading.
Explain any additional use-cases
This would allow for better integration with various reverse-proxy servers.
The text was updated successfully, but these errors were encountered: