aisaka: configure client certificate check on test subdomain

author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-05-03 11:37:02 +0200
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-05-03 11:39:12 +0200
commit: 47e7dceb7af28e927d14b4dc14f1e164f555b077 (patch)
tree: 9660f43183ec178b4c95423cebeace6e65490d1c /deployment
parent: 64d984a202d51fda242e3600bbc83caf127f4040 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 01d46e8..4f76ca3 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -404,10 +404,16 @@
        (listen (list "192.168.10.2:443 ssl"))
        (root "/home/marek/Publiczne/www")
        (server-name (list "www.marekpasnikowski.pl")))
+      ;; Test
       (gnu:services:web:nginx-server-configuration
+        (locations (list (gnu:services:web:nginx-location-configuration
+                            (body (list "if ($ssl_client_verify != SUCCESS) {return 403;}"))
+                            (uri  "/"))))
         (listen (list "192.168.10.2:443 ssl"))
         (root "/home/marek/Publiczne/test")
-        (server-name (list "test.marekpasnikowski.pl")))
+        (server-name (list "test.marekpasnikowski.pl"))
+        (raw-content (list "ssl_client_certificate /home/marek/CA/intermediate-authority.cert.pem;"
+                           "ssl_verify_client optional;")))
       ;; Radicale
       ((@ (gnu services web) nginx-server-configuration)
        (locations
author	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-05-03 11:37:02 +0200
committer	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-05-03 11:39:12 +0200
commit	47e7dceb7af28e927d14b4dc14f1e164f555b077 (patch)
tree	9660f43183ec178b4c95423cebeace6e65490d1c /deployment
parent	64d984a202d51fda242e3600bbc83caf127f4040 (diff)