From 5a3235650a1dde15c37c2c848d046f1bec93d841 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20van=20Br=C3=BCgge?=
Date: Tue, 24 Dec 2019 19:15:11 +0100
Subject: [PATCH 1/2] Allow to set client certificates via env variable
---
 README.md | 1 +
 image/environment/default.yaml | 1 +
 image/service/phpldapadmin/assets/apache2/https.conf | 1 +
 3 files changed, 3 insertions(+)
diff --git a/README.md b/README.md
index e16918f..a221429 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,7 @@ HTTPS :
 - **PHPLDAPADMIN_HTTPS_CRT_FILENAME**: Apache ssl certificate filename. Defaults to `phpldapadmin.crt`
 - **PHPLDAPADMIN_HTTPS_KEY_FILENAME**: Apache ssl certificate private key filename. Defaults to `phpldapadmin.key`
 - **PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME**: Apache ssl CA certificate filename. Defaults to `ca.crt`
+- **PHPLDAPADMIN_HTTPS_VERIFY_CLIENT**: Apache client certificate configuration. Possible values are `optional`, `require`, `none`. Defaults to `optional`
 Reverse proxy HTTPS :
 - **PHPLDAPADMIN_TRUST_PROXY_SSL**: Set to `true` to trust X-Forwarded-Proto header
diff --git a/image/environment/default.yaml b/image/environment/default.yaml
index 828b843..017d7da 100644
--- a/image/environment/default.yaml
+++ b/image/environment/default.yaml
@@ -12,6 +12,7 @@ PHPLDAPADMIN_HTTPS: true
 PHPLDAPADMIN_HTTPS_CRT_FILENAME: phpldapadmin.crt
 PHPLDAPADMIN_HTTPS_KEY_FILENAME: phpldapadmin.key
 PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
+PHPLDAPADMIN_HTTPS_VERIFY_CLIENT: optional
 PHPLDAPADMIN_TRUST_PROXY_SSL: false
diff --git a/image/service/phpldapadmin/assets/apache2/https.conf b/image/service/phpldapadmin/assets/apache2/https.conf
index a0c39e3..1d9221d 100644
--- a/image/service/phpldapadmin/assets/apache2/https.conf
+++ b/image/service/phpldapadmin/assets/apache2/https.conf
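Review bot: The new default `PHPLDAPADMIN_HTTPS_VERIFY_CLIENT: optional` in default.yaml looks like a behaviour change for existing deployments: as far as the visible https.conf context shows, there was no SSLVerifyClient directive before this patch, and mod_ssl's built-in default is `none`. With `optional` the server requests a client certificate during the handshake (browsers typically show a certificate prompt) but enforces nothing, so an operator can end up believing client authentication is active when it is not. Defaulting to `PHPLDAPADMIN_HTTPS_VERIFY_CLIENT: none` would keep the previous behaviour and make client certificates an explicit opt-in; the README entry added in the first hunk would then need the same default.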
@@ -11,6 +11,7 @@
 SSLCertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CRT_FILENAME}
 SSLCertificateKeyFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
 #SSLCACertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
+ SSLVerifyClient ${PHPLDAPADMIN_HTTPS_VERIFY_CLIENT}
 Include /etc/apache2/conf-available/gzip.conf
 Include /etc/apache2/conf-available/cache.conf
From 7b2152533fd97f3d53b4e8d3cad448cccbb8a674 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20van=20Br=C3=BCgge?=
Date: Sun, 25 Oct 2020 20:46:05 +0100
Subject: [PATCH 2/2] Allow to specify CA verification depth
---
 image/environment/default.yaml | 1 +
 image/service/phpldapadmin/assets/apache2/https.conf | 1 +
 2 files changed, 2 insertions(+)
diff --git a/image/environment/default.yaml b/image/environment/default.yaml
index 017d7da..842b314 100644
--- a/image/environment/default.yaml
+++ b/image/environment/default.yaml
@@ -13,6 +13,7 @@ PHPLDAPADMIN_HTTPS_CRT_FILENAME: phpldapadmin.crt
 PHPLDAPADMIN_HTTPS_KEY_FILENAME: phpldapadmin.key
 PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
 PHPLDAPADMIN_HTTPS_VERIFY_CLIENT: optional
+PHPLDAPADMIN_HTTPS_VERIFY_DEPTH: "1"
 PHPLDAPADMIN_TRUST_PROXY_SSL: false
diff --git a/image/service/phpldapadmin/assets/apache2/https.conf b/image/service/phpldapadmin/assets/apache2/https.conf
index 1d9221d..b77dff9 100644
--- a/image/service/phpldapadmin/assets/apache2/https.conf
+++ b/image/service/phpldapadmin/assets/apache2/https.conf
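Review bot: `SSLVerifyClient` is added directly below a `#SSLCACertificateFile` line that is still commented out in this hunk, so within the visible lines no trust anchor is configured for the verification being switched on. If nothing outside the hunk enables that directive (a startup script may do so when the CA file exists; it is not shown here), `require` would reject every client and `optional` could not validate a presented certificate. A comment above the new line would record the dependency, e.g. `# SSLVerifyClient other than "none" needs SSLCACertificateFile (or SSLCACertificatePath) to be active`. The variable is also substituted verbatim, so a typo in its value surfaces only as an Apache configuration error at start-up. The enclosing virtual-host block starts and ends outside the hunk.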
@@ -12,6 +12,7 @@
 SSLCertificateKeyFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
 #SSLCACertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
 SSLVerifyClient ${PHPLDAPADMIN_HTTPS_VERIFY_CLIENT}
+ SSLVerifyDepth ${PHPLDAPADMIN_HTTPS_VERIFY_DEPTH}
 Include /etc/apache2/conf-available/gzip.conf
 Include /etc/apache2/conf-available/cache.conf
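Review bot: `PHPLDAPADMIN_HTTPS_VERIFY_DEPTH` is left undocumented: the diffstat of patch 2/2 lists only default.yaml and https.conf, whereas patch 1/2 added a README entry for `PHPLDAPADMIN_HTTPS_VERIFY_CLIENT`. A matching README line is worth adding under the HTTPS section, for example `- **PHPLDAPADMIN_HTTPS_VERIFY_DEPTH**: Maximum depth of the CA chain Apache follows when verifying a client certificate. Defaults to 1`. The default of 1 matches mod_ssl's own default, which accepts only client certificates issued directly by a CA the server knows, so deployments that issue client certificates from an intermediate CA need a larger value, and the entry should say so. The value is substituted verbatim into `SSLVerifyDepth`, so a non-numeric setting would only show up as a configuration error when Apache starts.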