Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Discuss
  3. Feature Request: Client Certificate Authentication

Feature Request: Client Certificate Authentication

Scheduled Pinned Locked Moved Unsolved Discuss
7 Posts 4 Posters 1.1k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • technotameT Offline
      technotameT Offline
      technotame
      wrote on last edited by
      #1

      I'd like to request client certificate authentication as an additional feature. It may not be appropriate for every app, but an option to enable it for some would add a great extra level of security.

      Thanks.

      1 Reply Last reply
      2
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        I am not aware of any of our apps, who would be able to support that. Looks like this would be rather a reverse proxy feature, and then some kind of token would be set for upstream headers, to be consumed by the app. But also there I have no idea how app support looks like in that area.

        1 Reply Last reply
        1
        • girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #3

          @technotame As a workaround, maybe https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth is an option (i.e you have to use cloudflare)

          1 Reply Last reply
          1
          • technotameT Offline
            technotameT Offline
            technotame
            wrote on last edited by
            #4

            I'm not sure I have the Cloudron architecture down right, but I thought that each was reverse proxied through the main Cloudron nginx instance? If so, it seems like it would be easy to configure per app client cert authentication, whether the app behind supports it or not. If each app is running its own webserver, which may be the case, then it would be app dependent and not nearly as feasible.

            Thanks for the recommendation @girish. I can look into it, but I'd prefer not to involve a 3rd party if possible.

            1 Reply Last reply
            0
            • girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #5

              @technotame I think you got it right, I was only offering a workaround. Cloudron has a reverse proxy in which we can configure client cert authentication. Apps itself talk only http. The reverse proxy holds the certs. So, this can be implemented at the platform level.

              1 Reply Last reply
              0
              • technotameT Offline
                technotameT Offline
                technotame
                wrote on last edited by
                #6

                Awesome, I'm glad it's a possibility. It's obviously not a high priority feature, but do you think it could be added to the roadmap at some point?

                1 Reply Last reply
                0
                • potemkin_aiP Offline
                  potemkin_aiP Offline
                  potemkin_ai
                  wrote on last edited by
                  #7

                  Bumping this up

                  1 Reply Last reply
                  0
                  Reply
                  • Reply as topic
                  Log in to reply
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes


                    • Login

                    • Don't have an account? Register

                    • Login or register to search.
                    • First post
                      Last post
                    0
                    • Categories
                    • Recent
                    • Tags
                    • Popular
                    • Bookmarks
                    • Search