Revert "erp5: backend apache must not handle Remote-User"

This reverts commit 1bd75eee.

Revert "erp5: backend apache must not handle Remote-User"
This reverts commit 1bd75eee.
d83217b9 · Rafael Monnerat · e6b0a89a · d83217b9 · d83217b9
Commit d83217b9 authored Mar 28, 2024 by Rafael Monnerat
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

stack/erp5/buildout.hash.cfg stack/erp5/buildout.hash.cfg +1 -1

stack/erp5/haproxy.cfg.in stack/erp5/haproxy.cfg.in +3 -0

No files found.
--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -94,7 +94,7 @@ md5sum = 0fad9497da12ed0186dca5236c23f3a7

 [template-haproxy-cfg]
 filename = haproxy.cfg.in
-md5sum = 50c72e1934e589b0e26918cc53ee1fc0
+md5sum = 2cd76971b64b0bf7771978ad07bfc2e5

 [template-rsyslogd-cfg]
 filename = rsyslogd.cfg.in

--- a/stack/erp5/haproxy.cfg.in
+++ b/stack/erp5/haproxy.cfg.in
@@ -192,6 +192,9 @@ listen {{ name }}

  # remove X-Forwarded-For unless client presented a verified certificate
  http-request del-header X-Forwarded-For unless { ssl_c_verify 0 } { ssl_c_used 1 }
+  # set Remote-User if client presented a verified certificate
+  http-request del-header Remote-User
+  http-request set-header Remote-User %{+Q}[ssl_c_s_dn(cn)] if { ssl_c_verify 0 } { ssl_c_used 1 }

  # reject invalid host header before using it in path
  http-request deny deny_status 400 if { req.hdr(host) -m sub / }