23.7 Production Series / HAproxy: Syncthing Discovery server with forwarded client certificate in header
« on: September 02, 2023, 06:49:27 pm »
Hello,
I want to use the Syncthing Discovery server behind HAproxy with SSL offloading by HAproxy. To do so I set the discovery server to http (option -http). The connection is running. But I must forward the client certificate in the header X-SSL-Cert. According to the manual, the header is required in PEM format.
This would add the client cert in DER format, which is not recognized by the discovery server:
Code:
http-request set-header X-SSL-Cert %{+Q}[ssl_c_der,base64]
I modified the line to create a PEM file. Either nothing is in it or it is in the wrong format.
Code:
http-request set-header X-SSL-Cert -BEGIN\ CERTIFICATE-\ %[ssl_c_der,base64]\ -END\ CERTIFICATE-\ # don't forget last space
Connection is running. But discovery still cannot read the client cert:
Code:
no certificates: certificate decode result is empty
Any idea how to set up the forwarding of the client certificate by header correctly in OPNsense?
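Added example (not part of the original post and not Syncthing's code): a Go check, using the standard `encoding/pem` decoder, of which header shapes actually decode as a PEM certificate. The certificate is constructed test data, and the space-to-newline step is an assumption about how a receiver could treat a single-line header value.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// sampleDER returns a throwaway self-signed certificate (constructed test data).
func sampleDER() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return der
}

// checkHeader reports whether value PEM-decodes to a parseable certificate.
// restore=true first turns the inner spaces back into newlines (assumed
// receiver behaviour for a single-line header, not taken from the page).
func checkHeader(value string, restore bool) error {
	bs := []byte(value)
	last := bytes.LastIndexByte(bs, ' ')
	for i := bytes.IndexByte(bs, ' ') + 1; restore && i < last; i++ {
		if bs[i] == ' ' {
			bs[i] = '\n'
		}
	}
	block, _ := pem.Decode(bs)
	if block == nil {
		return fmt.Errorf("not PEM: no -----BEGIN ...----- / -----END ...----- block")
	}
	_, err := x509.ParseCertificate(block.Bytes)
	return err
}

func main() {
	b64 := base64.StdEncoding.EncodeToString(sampleDER())
	posted := "-BEGIN CERTIFICATE- " + b64 + " -END CERTIFICATE- " // shape of the posted header
	framed := "-----BEGIN CERTIFICATE----- " + b64 + " -----END CERTIFICATE-----"
	fmt.Println("single-dash markers:", checkHeader(posted, true))
	fmt.Println("five-dash, spaces:  ", checkHeader(framed, false))
	fmt.Println("five-dash, newlines:", checkHeader(framed, true))
}
```

Only the last form decodes: the PEM decoder needs the five-dash `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` markers, each on its own line.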