aisaka: configure NGINX client authentication according to DataCadamia

author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-05-11 13:26:25 +0200
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-05-11 13:28:14 +0200
commit: d83f572afef6e88cb86f7eedea9abe933a0f0f86 (patch)
tree: 54ed9babb60dfea92630384d3b77bd0b3f757276
parent: 47e7dceb7af28e927d14b4dc14f1e164f555b077 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 4f76ca3..ceedcc6 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -412,8 +412,9 @@
         (listen (list "192.168.10.2:443 ssl"))
         (root "/home/marek/Publiczne/test")
         (server-name (list "test.marekpasnikowski.pl"))
-        (raw-content (list "ssl_client_certificate /home/marek/CA/intermediate-authority.cert.pem;"
-                           "ssl_verify_client optional;")))
+        (raw-content (list "ssl_client_certificate /home/marek/CA/root_certificate.pem;"
+                           "ssl_verify_client on;"
+                           "ssl_verify_depth 1;")))
       ;; Radicale
       ((@ (gnu services web) nginx-server-configuration)
        (locations
author	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-05-11 13:26:25 +0200
committer	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-05-11 13:28:14 +0200
commit	d83f572afef6e88cb86f7eedea9abe933a0f0f86 (patch)
tree	54ed9babb60dfea92630384d3b77bd0b3f757276
parent	47e7dceb7af28e927d14b4dc14f1e164f555b077 (diff)