Unsolved Feature Request: Client Certificate Authentication
-
I'd like to request client certificate authentication as an additional feature. It may not be appropriate for every app, but an option to enable it for some would add a great extra level of security.
Thanks.
-
I am not aware of any of our apps, who would be able to support that. Looks like this would be rather a reverse proxy feature, and then some kind of token would be set for upstream headers, to be consumed by the app. But also there I have no idea how app support looks like in that area.
-
@technotame As a workaround, maybe https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth is an option (i.e you have to use cloudflare)
-
I'm not sure I have the Cloudron architecture down right, but I thought that each was reverse proxied through the main Cloudron nginx instance? If so, it seems like it would be easy to configure per app client cert authentication, whether the app behind supports it or not. If each app is running its own webserver, which may be the case, then it would be app dependent and not nearly as feasible.
Thanks for the recommendation @girish. I can look into it, but I'd prefer not to involve a 3rd party if possible.
-
@technotame I think you got it right, I was only offering a workaround. Cloudron has a reverse proxy in which we can configure client cert authentication. Apps itself talk only http. The reverse proxy holds the certs. So, this can be implemented at the platform level.
-
Awesome, I'm glad it's a possibility. It's obviously not a high priority feature, but do you think it could be added to the roadmap at some point?
