mirror of https://github.com/MISP/misp-docker
Configuring nginx for cert authentication
If the user enables cert authentication on the docker-compose file we must do the following changes to allow CertAuth to work - Pass on SSL_CLIENT_I_DN and SSL_CLIENT_S_DN to PHP - Enable ssl_client_certificate using /etc/nginx/certs/ca.pem - Enable the CertAuth ( https://github.com/MISP/MISP/tree/2.4/app/Plugin/CertAuth ) plugin on the bootstrap.php filepull/1/head
parent
c760dc269d
commit
0c84e0b71b
|
@ -168,6 +168,17 @@ if [[ ! "$SECURESSL" == true && ! -f /etc/nginx/certs/dhparams.pem ]]; then
|
|||
openssl dhparam -out /etc/nginx/certs/dhparams.pem 2048
|
||||
fi
|
||||
|
||||
if [[ $CERTAUTH = @(optional|on) ]]; then
|
||||
echo "Configure NGINX | Enabling SSL Cert Authentication"
|
||||
grep -qxF 'fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;' /etc/nginx/snippets/fastcgi-php.conf || echo 'fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;' >> /etc/nginx/snippets/fastcgi-php.conf
|
||||
grep -qxF 'fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;' /etc/nginx/snippets/fastcgi-php.conf || echo 'fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;' >> /etc/nginx/snippets/fastcgi-php.conf
|
||||
grep -qF 'ssl_client_certificate' /etc/nginx/sites-enabled/misp || sed -i '/ssl_prefer_server_ciphers/a ssl_client_certificate /etc/nginx/certs/ca.pem;' /etc/nginx/sites-enabled/misp
|
||||
grep -qF 'ssl_verify_client' /etc/nginx/sites-enabled/misp || sed -i "/ssl_prefer_server_ciphers/a ssl_verify_client $CERTAUTH;" /etc/nginx/sites-enabled/misp
|
||||
|
||||
echo "Configure bootstrap | Enabling Cert Auth Plugin - Don't forget to configure it https://github.com/MISP/MISP/tree/2.4/app/Plugin/CertAuth (Step 2)"
|
||||
sed -i "s/\/\/ CakePlugin::load('CertAuth');/CakePlugin::load('CertAuth');/" $MISP_APP_CONFIG_PATH/bootstrap.php
|
||||
fi
|
||||
|
||||
if [[ "$DISIPV6" == true ]]; then
|
||||
echo "Configure NGINX | Disabling IPv6"
|
||||
sed -i "s/listen \[\:\:\]/\#listen \[\:\:\]/" /etc/nginx/sites-enabled/misp80
|
||||
|
|
Loading…
Reference in New Issue