For Microgateway, I'm assuming that using the following config we can configure mutual TLS and require a client certificate for northbound calls for all MG proxies on the MG instance:
```yaml
edgemicro:
  ssl:
    key: <absolute path to the SSL key file>
    cert: <absolute path to the SSL cert file>
    passphrase: admin123
    rejectUnauthorized: true
    requestCert: true
    ca: <absolute path to the file containing a list of trusted certificates in PEM format.>
```
However, it would be great if we could specify mutual TLS only for specific proxies like this!
```yaml
proxies:
  - edgemicro_proxy-1
    ssl:
      requestCert: true
      ca: <absolute path to the file containing a list of trusted certificates in PEM format.>
```
Technically this posting isn't a question -- so let's make one out of it. Is it possible to do it?
I think this feature is not possible to implement. TLS negotiation happens much before proxies, basePaths. I suspect even http servers like nginx will force you to create different ports for mTLS vs. TLS.
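The point in the reply above, that the handshake finishes before any proxy or basePath is known, can be seen in a plain Node.js HTTPS listener: the certificate request has to go to every client, and only the enforcement can be done per base path afterwards. This is an added example, not Edge Microgateway code and not one of the options mentioned in this thread; the base path, file paths and function names are assumptions.

```javascript
// Added example (not Microgateway source). Constructed base path for the
// proxy that should require a verified client certificate.
const MTLS_BASE_PATHS = ['/proxy-1'];

// Handshake-level settings apply to the whole listener: ask every client for
// a certificate, but do not abort the handshake when none (or a bad one) is sent.
function tlsOptions(key, cert, ca) {
  return { key, cert, ca, requestCert: true, rejectUnauthorized: false };
}

// Normalise the request target the same way the router must: resolve dot
// segments and collapse repeated slashes. Returns null for non-origin-form targets.
function normalisedPath(rawUrl) {
  if (typeof rawUrl !== 'string' || !rawUrl.startsWith('/')) return null;
  const { pathname } = new URL('https://gateway.invalid' + rawUrl);
  return pathname.replace(/\/{2,}/g, '/');
}

// Match on a path-segment boundary so '/proxy-10' is not treated as '/proxy-1'.
function underBasePath(path, base) {
  return path === base || path.startsWith(base + '/');
}

// Per-request decision, taken after the handshake from the socket's
// verification result (socket.authorized is set by Node's TLS layer).
function decide(req) {
  const path = normalisedPath(req.url);
  if (path === null) return { allow: false, reason: 'unsupported request target' };
  if (!MTLS_BASE_PATHS.some((b) => underBasePath(path, b))) {
    return { allow: true, reason: 'client certificate not required' };
  }
  if (req.socket.authorized) return { allow: true, reason: 'client certificate verified' };
  const why = req.socket.authorizationError || 'no client certificate';
  return { allow: false, reason: String(why) };
}

// Wire the policy into a listener. `files` holds paths to PEM files (assumed).
function createGateway(files) {
  const https = require('node:https'); // loaded lazily; decide() needs no TLS material
  const fs = require('node:fs');
  const opts = tlsOptions(fs.readFileSync(files.key), fs.readFileSync(files.cert),
                          fs.readFileSync(files.ca));
  return https.createServer(opts, (req, res) => {
    const d = decide(req);
    res.writeHead(d.allow ? 200 : 403, { 'Content-Type': 'text/plain' });
    res.end(d.reason + '\n');
  });
}
```

With this setup every client still receives a certificate request during the handshake, including callers of proxies that do not enforce it.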
I also ran into this issue. I came up with a couple of solutions:
Option 2 somewhat resembles vhosts on Edge. It's not really advisable to modify the source code; however, it was fun to play around with it.