ngx_http_voms_module

Description

ngx_http_voms_module is a module for the Nginx web server that enables client-side authentication based on X.509 proxy certificates augmented with VOMS Attribute Certificates, typically obtained from a Virtual Organization Membership Service (VOMS) server.

The module defines a set of embedded variables, whose values are extracted from the first Attribute Certificate found in the certificate chain.

Installation

The generic installation instructions are:

$ cd nginx-x.y.z
$ ./configure --add-module=/path/to/ngx_http_voms_module
$ make && make install

The module is written in C++ and uses only those C++14 features that gcc 4.8.5 (the version available in CentOS 7) supports when the -std=c++1y option is enabled (see config.make).

A Docker image is available for use in the context of the StoRM2 project, where the OpenResty distribution is used:

$ docker run --rm -it -v /path/to/ngx_http_voms_module:/home/build/ngx_http_voms_module storm2/ngx-voms-build
$ cd openresty-x.y.z
$ ./configure ${RESTY_CONFIG_OPTIONS} --add-module=../ngx_http_voms_module
$ make && make install

Embedded Variables

The module makes the following embedded variables available for use in an Nginx configuration file:

voms_user

The Subject of the End-Entity certificate, used to sign the proxy.

Example: /C=IT/O=IGI/CN=test0

ssl_client_ee_s_dn

Like voms_user, the Subject of the End-Entity certificate. Unlike voms_user, it is available even for non-VOMS proxies and is formatted according to RFC 2253.

Example: CN=test0,O=IGI,C=IT
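
Because voms_user and ssl_client_ee_s_dn carry the same Subject in two different string forms, an access rule written against one form does not match the other. The following is an added example, not code from this module: a Python helper (function names are hypothetical) that converts the slash-separated form to the RFC 2253 form, assuming single-valued RDNs and printable ASCII values.

```python
import re

# A "/" starts a new RDN only when an attribute type and "=" follow it, so a
# value such as "host/se.example.org" stays in one piece. A value that itself
# contains "/TYPE=" cannot be told apart from an RDN boundary in this format.
_RDN_START = re.compile(r"/(?=(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)=)")
_SPECIALS = set(',+"\\<>;')


def _escape_value(value):
    """Escape an attribute value as RFC 2253 section 2.4 requires."""
    chars = ["\\" + ch if ch in _SPECIALS else ch for ch in value]
    if chars and chars[0] in ("#", " "):   # leading "#" or space
        chars[0] = "\\" + chars[0]
    if chars and chars[-1] == " ":         # trailing space
        chars[-1] = "\\ "
    return "".join(chars)


def oneline_to_rfc2253(dn):
    """Convert "/C=IT/O=IGI/CN=test0" to "CN=test0,O=IGI,C=IT"."""
    parts = _RDN_START.split(dn)
    # A well-formed input begins with "/TYPE=", so the first piece is empty.
    if parts[0] != "" or len(parts) < 2:
        raise ValueError("not a slash-separated DN: %r" % (dn,))
    rdns = []
    for part in parts[1:]:
        attr, _, value = part.partition("=")
        rdns.append(attr + "=" + _escape_value(value))
    # RFC 2253 lists the most specific RDN first, the reverse of this form.
    return ",".join(reversed(rdns))


def same_subject(voms_user, ssl_client_ee_s_dn):
    """Compare the two variables; malformed input never matches.

    Assumption: both strings use the same attribute short names.
    """
    try:
        return oneline_to_rfc2253(voms_user) == ssl_client_ee_s_dn
    except ValueError:
        return False
```
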

voms_user_ca