onnimonni/ssl_client_cert_if.conf

## ssl_client_cert_if.conf
##
# I wanted to use same ssl client certificate CA in nginx for multple client certs
# but restrict the users outside our organisation accessing everything.
# Because I can decide what to put into the emailAddress I can force verify everything and only pass the proper users.
##

##
# This way you can restrict users only with email addresses from @koodimonni.fi
# Put this into http context in nginx configs
##

map $ssl_client_s_dn $koodimonni_user {
  default "false";
  ~emailAddress=.*@koodimonni.fi "true";
}

##
# Use the result in if
##
if ($koodimonni_user = "true") {
  proxy_pass some_super_secure_server;
}
	##
	# I wanted to use same ssl client certificate CA in nginx for multple client certs
	# but restrict the users outside our organisation accessing everything.
	# Because I can decide what to put into the emailAddress I can force verify everything and only pass the proper users.
	##

	##
	# This way you can restrict users only with email addresses from @koodimonni.fi
	# Put this into http context in nginx configs
	##

	map $ssl_client_s_dn $koodimonni_user {
	default "false";
	~emailAddress=.*@koodimonni.fi "true";
	}

	##
	# Use the result in if
	##
	if ($koodimonni_user = "true") {
	proxy_pass some_super_secure_server;
	}