HAProxy: Syncthing Discovery server with forwarded client certificate in header

Started by Tubs, September 02, 2023, 06:49:27 PM

Hello,

I want to use the Syncthing Discovery server behind HAProxy with SSL offloading by HAProxy. To do so I set the discovery server to http (option -http). The connection is running. But I must forward the client certificate in the header X-SSL-Cert. According to the manual, the header is required in PEM format.

This would add the client cert in DER format, which is not recognized by the discovery server:
http-request set-header X-SSL-Cert %{+Q}[ssl_c_der,base64]

I modified the line to create a PEM file. Either nothing is in it or it is in the wrong format.
http-request set-header X-SSL-Cert -BEGIN\ CERTIFICATE-\ %[ssl_c_der,base64]\ -END\ CERTIFICATE-\ # don't forget last space

Connection is running. But discovery still cannot read the client cert:
no certificates: certificate decode result is empty


Any idea how to set up the forwarding of the client certificate by header correctly in OPNsense?
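
An added example, not part of the original post and not Syncthing's or HAProxy's code: a small Go check of how a strict PEM decoder (Go's `encoding/pem`) sees the header shapes shown above. It assumes the receiver turns spaces back into newlines before decoding; `restoreNewlines` and `classify` are hypothetical names, and the DER bytes are a constructed stand-in for a real certificate.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"strings"
)

// restoreNewlines rebuilds multi-line PEM from a one-line header value in which
// newlines were sent as spaces (assumed receiver behaviour). The first and last
// space belong to the "BEGIN CERTIFICATE" / "END CERTIFICATE" markers and stay.
func restoreNewlines(hdr string) []byte {
	bs := []byte(strings.TrimSpace(hdr))
	first, last := bytes.IndexByte(bs, ' '), bytes.LastIndexByte(bs, ' ')
	for i := first + 1; i < last; i++ {
		if bs[i] == ' ' {
			bs[i] = '\n'
		}
	}
	return bs
}

// classify reports how a strict PEM decoder sees a candidate X-SSL-Cert value.
func classify(hdr string) string {
	hdr = strings.Trim(hdr, `"`) // %{+Q} wraps the value in double quotes
	if block, _ := pem.Decode(restoreNewlines(hdr)); block != nil {
		if block.Type != "CERTIFICATE" {
			return "pem block of type " + block.Type
		}
		return fmt.Sprintf("pem certificate block, %d DER bytes", len(block.Bytes))
	}
	if _, err := base64.StdEncoding.DecodeString(hdr); err == nil && hdr != "" {
		return "bare base64 DER without PEM armor"
	}
	return "no PEM block: markers must be -----BEGIN CERTIFICATE----- / -----END CERTIFICATE-----"
}

func main() {
	// Constructed stand-in for DER bytes; a real value would come from ssl_c_der.
	b64 := base64.StdEncoding.EncodeToString([]byte{0x30, 0x03, 0x02, 0x01, 0x01})
	for _, h := range []string{
		`"` + b64 + `"`, // shape produced by the first set-header line
		"-BEGIN CERTIFICATE- " + b64 + " -END CERTIFICATE- ", // second line, as shown on this page
		"-----BEGIN CERTIFICATE----- " + b64 + " -----END CERTIFICATE-----",
	} {
		fmt.Println(classify(h))
	}
}
```

Pasting a header value captured on the backend side into `classify` shows whether the problem is the armor markers, the missing line breaks, or the base64 payload itself.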