

    Cloudron Forum


    Unsolved Feature Request: Client Certificate Authentication

    • technotame

      I'd like to request client certificate authentication as an additional feature. It may not be appropriate for every app, but an option to enable it for some would add a great extra level of security.

      Thanks.

      • nebulon (Staff)

        I am not aware of any of our apps that would be able to support that. It looks like this would rather be a reverse proxy feature, and then some kind of token would be set in upstream headers, to be consumed by the app. But there, too, I have no idea what app support looks like in that area.

        • girish (Staff)

          @technotame As a workaround, maybe https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth is an option (i.e., you have to use Cloudflare).

          • technotame

            I'm not sure I have the Cloudron architecture down right, but I thought that each was reverse proxied through the main Cloudron nginx instance? If so, it seems like it would be easy to configure per app client cert authentication, whether the app behind supports it or not. If each app is running its own webserver, which may be the case, then it would be app dependent and not nearly as feasible.

            Thanks for the recommendation @girish. I can look into it, but I'd prefer not to involve a 3rd party if possible.

            • girish (Staff)

              @technotame I think you got it right, I was only offering a workaround. Cloudron has a reverse proxy in which we can configure client cert authentication. The apps themselves talk only HTTP. The reverse proxy holds the certs. So, this can be implemented at the platform level.

              • technotame

                Awesome, I'm glad it's a possibility. It's obviously not a high priority feature, but do you think it could be added to the roadmap at some point?

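
The approach discussed in this thread (the reverse proxy verifies the client certificate, the app behind it speaks plain HTTP and receives the result in upstream headers), sketched as a generic nginx server block. This is an added example, not part of any post and not Cloudron's own configuration; the hostname, file paths, upstream port and `X-Client-*` header names are assumptions.

```nginx
# Added example: generic nginx, not Cloudron's generated configuration.
# Hostname, file paths, upstream port and X-Client-* names are assumptions.
server {
    listen 443 ssl;
    server_name app.example.com;

    # Server certificate presented to browsers.
    ssl_certificate     /etc/nginx/certs/app.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/app.example.com.key;

    # Private CA that issues client certificates for this app only.
    # Pointing at a public CA bundle here would accept any certificate
    # that CA has ever issued.
    ssl_client_certificate /etc/nginx/client-ca/app-clients-ca.crt;
    ssl_crl                /etc/nginx/client-ca/app-clients.crl;  # revoked certs
    ssl_verify_depth       1;   # client certs are issued directly by the CA

    # "on" makes a valid client certificate mandatory: requests without
    # one get an error response from nginx and never reach the app.
    ssl_verify_client on;

    location / {
        # The app speaks plain HTTP and listens on loopback only, so the
        # identity headers below can only ever come from this proxy.
        proxy_pass http://127.0.0.1:8000;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;

        # proxy_set_header replaces any value the client sent under the
        # same name, so a forged X-Client-* header is overwritten here.
        proxy_set_header X-Client-Verify      $ssl_client_verify;
        proxy_set_header X-Client-DN          $ssl_client_s_dn;
        proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint;
    }
}
```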