Enable mTLS

uber · Dec 31, 2024 · 65b9428 · 65b9428
1 parent fa42ec5
commit 65b9428
Showing 1 changed file with 3 additions and 8 deletions.
diff --git a/nginx/config/default.go b/nginx/config/default.go
@@ -4,7 +4,7 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//     http://www.apache.org/licenses/LICENSE-2.0
+//	http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ -29,15 +29,10 @@ var _nameToDefaultTemplate = map[string]string{
 // DefaultClientVerification is the default nginx configuration for
 // client verification in the server block.
 const DefaultClientVerification = `
-ssl_verify_client optional;
+ssl_verify_client on;
 set $required_verified_client 1;
-if ($scheme = http) {
-  set $required_verified_client 0;
-}
-if ($request_method ~ ^(GET|HEAD)$) {
-  set $required_verified_client 0;
-}
 if ($remote_addr = "127.0.0.1") {
+  ssl_verify_client optional;
   set $required_verified_client 0;
 }