diff --git a/README.md b/README.md
index e16918f..a221429 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,7 @@ HTTPS :
 - **PHPLDAPADMIN_HTTPS_CRT_FILENAME**: Apache ssl certificate filename. Defaults to `phpldapadmin.crt`
 - **PHPLDAPADMIN_HTTPS_KEY_FILENAME**: Apache ssl certificate private key filename. Defaults to `phpldapadmin.key`
 - **PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME**: Apache ssl CA certificate filename. Defaults to `ca.crt`
+- **PHPLDAPADMIN_HTTPS_VERIFY_CLIENT**: Apache client certificate configuration. Possible values are `optional`, `require`, `none`. Defaults to `optional`
 Reverse proxy HTTPS :
 - **PHPLDAPADMIN_TRUST_PROXY_SSL**: Set to `true` to trust X-Forwarded-Proto header
diff --git a/image/environment/default.yaml b/image/environment/default.yaml
index 828b843..842b314 100644
--- a/image/environment/default.yaml
+++ b/image/environment/default.yaml
@@ -12,6 +12,8 @@ PHPLDAPADMIN_HTTPS: true
 PHPLDAPADMIN_HTTPS_CRT_FILENAME: phpldapadmin.crt
 PHPLDAPADMIN_HTTPS_KEY_FILENAME: phpldapadmin.key
 PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
+PHPLDAPADMIN_HTTPS_VERIFY_CLIENT: optional
+PHPLDAPADMIN_HTTPS_VERIFY_DEPTH: "1"
 PHPLDAPADMIN_TRUST_PROXY_SSL: false
diff --git a/image/service/phpldapadmin/assets/apache2/https.conf b/image/service/phpldapadmin/assets/apache2/https.conf
index a0c39e3..b77dff9 100644
--- a/image/service/phpldapadmin/assets/apache2/https.conf
+++ b/image/service/phpldapadmin/assets/apache2/https.conf
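Review bot: The two new defaults in image/environment/default.yaml are not explained where an operator will read them, and the default `optional` enforces nothing by itself. Apache still serves clients that present no certificate in that mode, so a deployment that wants mutual TLS has to set `require` explicitly. A comment above the key would make this clear, for example `# optional = request a client certificate but do not enforce it; use require for mutual TLS`. `PHPLDAPADMIN_HTTPS_VERIFY_DEPTH` is added here but has no entry in the README hunk; document it next to VERIFY_CLIENT and note that `"1"` only accepts client certificates issued directly by a CA the server knows (no intermediate CAs).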
@@ -11,6 +11,8 @@
 SSLCertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CRT_FILENAME}
 SSLCertificateKeyFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
 #SSLCACertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
+ SSLVerifyClient ${PHPLDAPADMIN_HTTPS_VERIFY_CLIENT}
+ SSLVerifyDepth ${PHPLDAPADMIN_HTTPS_VERIFY_DEPTH}
 Include /etc/apache2/conf-available/gzip.conf
 Include /etc/apache2/conf-available/cache.conf
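Review bot: `SSLVerifyClient` is added directly below an `SSLCACertificateFile` line that is still commented out in this hunk, so as far as the visible config shows Apache has no CA to verify client certificates against. Unless a start-up script outside this diff uncomments that line, `require` would reject every client and `optional` could never yield a verified certificate. Either enable the CA line together with these directives or add a comment stating the dependency, e.g. `# SSLVerifyClient needs SSLCACertificateFile (or SSLCACertificatePath) to be active`. Both values are substituted from the environment without validation, so a misspelled setting will probably only surface as an Apache start-up failure; a check in the start-up script would give a clearer error. The enclosing VirtualHost block starts and ends outside the hunk.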