[GH-ISSUE #982] [Question/Feature request] Auth with private SSL #823

Open
opened 2026-02-26 06:34:34 +03:00 by kerem · 6 comments

Originally created by @zentaos on GitHub (Mar 29, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/982

Hello guys!

I'm switching from Caddy and I'm looking for a feature I miss.

In Caddy I can protect the whole server with a single private self-signed SSL.
Users can only access the site if they have it on the client machine.

Is it possible in NPM in some way?
With web or config?

Thanks


@DarkVentHead commented on GitHub (Apr 14, 2021):

```
ssl_client_certificate /YOUR/LOC/HERE/ca.crt;
ssl_verify_client on;
location / {
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }
    # Force SSL
    include conf.d/include/force-ssl.conf;
    # Proxy!
    include conf.d/include/proxy.conf;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    client_max_body_size 0;
    proxy_connect_timeout 3600s;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
    send_timeout 3600s;
}
```

Place this code in the advanced section of your proxy host. Make your own CA and certs. Boom. You have user auth.


@DarkVentHead commented on GitHub (Apr 14, 2021):

```
ssl_client_certificate /YOU/LOC/HERE/ca.crt;
ssl_verify_client on;
location / {
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }
    # Force SSL
    include conf.d/include/force-ssl.conf;
    # Proxy!
    include conf.d/include/proxy.conf;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    client_max_body_size 0;
    proxy_connect_timeout 3600s;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
    send_timeout 3600s;
}
```


@codyhazelwood commented on GitHub (Aug 17, 2021):

Looks like most of the code above is auto-generated. I found that it works if I add only these two lines to the advanced section:

```
ssl_client_certificate /YOU/LOC/HERE/ca.crt;
ssl_verify_client on;
```
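
An added example, not part of the original thread or of the project's code: one way to do the "make your own CA and certs" step with the `openssl` CLI and to check that a client certificate chains to the CA that `ssl_client_certificate` will trust. The CA subject, the client name `alice`, the file names and the temporary directory are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: private CA plus one client certificate for nginx's
# ssl_client_certificate / ssl_verify_client. Names and paths are constructed.
set -eu

make_ca() {  # $1 = directory that will hold ca.key / ca.crt
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Client CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  chmod 600 "$1/ca.key"   # only ca.crt is needed on the proxy, never ca.key
}

issue_client() {  # $1 = CA directory, $2 = client name (used as CN and file name)
  # Leaf certificate: not a CA, usable only for TLS client authentication.
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$1/client.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/client.ext" \
    -out "$1/$2.crt" 2>/dev/null
}

verify_client() {  # $1 = CA file nginx would trust, $2 = client certificate
  # Exit status 0 only if the certificate chains to that CA as a TLS client cert.
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_ca "$demo_dir"
issue_client "$demo_dir" alice
verify_client "$demo_dir/ca.crt" "$demo_dir/alice.crt" && echo "alice.crt chains to ca.crt"
```

Point `ssl_client_certificate` at the resulting `ca.crt`, using the path as nginx sees it; `alice.crt` and `alice.key` are what gets installed on the client machine.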

@github-actions[bot] commented on GitHub (Mar 15, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@michi7801 commented on GitHub (Sep 12, 2024):

Would be nice to have a UI to do this.

Also, since I had trouble finding this issue/feature request, I want to throw in that this feature is called "mTLS" or "Client-Certificate".


@github-actions[bot] commented on GitHub (Apr 27, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍
