doc update
This commit is contained in:
parent
3768a0c103
commit
c23cd26a39
21
README
21
README
|
@ -1,6 +1,20 @@
|
||||||
== Configure Nginx to launch SSL authentication ==
|
Intro
|
||||||
|
=====
|
||||||
|
|
||||||
Configure urls requiring SSL authentication
|
This module allows user authentication and registration using Belgian eID card.
|
||||||
|
The main idea is to redirect user on an alternative port, requiring SSL
|
||||||
|
authentication and using SSL certificate data to authenticate user.
|
||||||
|
|
||||||
|
Config
|
||||||
|
======
|
||||||
|
|
||||||
|
Urls looking for SSL data must be defined on a separate port which should be
|
||||||
|
declared in your BEID_AUTH_PORT setting(defaults to 8443).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Configure Nginx
|
||||||
|
===============
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 8443;
|
listen 8443;
|
||||||
|
@ -20,7 +34,7 @@ server {
|
||||||
return 301 https://$host/;
|
return 301 https://$host/;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/accounts/beid/(signin|add) {
|
location ~ ^/accounts/beid/(x509|signin|add|activate/.*) {
|
||||||
proxy_pass http://localhost:8000;
|
proxy_pass http://localhost:8000;
|
||||||
proxy_read_timeout 600;
|
proxy_read_timeout 600;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
@ -33,6 +47,7 @@ server {
|
||||||
proxy_set_header Ssl-Client-S-Dn $ssl_client_s_dn;
|
proxy_set_header Ssl-Client-S-Dn $ssl_client_s_dn;
|
||||||
proxy_set_header Ssl-Client-Serial $ssl_client_serial;
|
proxy_set_header Ssl-Client-Serial $ssl_client_serial;
|
||||||
proxy_set_header Ssl-Client-Cert $ssl_client_cert;
|
proxy_set_header Ssl-Client-Cert $ssl_client_cert;
|
||||||
|
proxy_set_header Ssl-Client-Verify $ssl_client_verify;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue