Thanks, this almost worked for me. I had to modify this slightly to pass on my client certificate, otherwise the HTTPS Client Auth of Teddycloud fails. My nginx is living outside of docker, serving multiple (sub) domains, so I just have this default/invalid server name at the top of my config:
map $ssl_client_fingerprint $toniebox {
default invalid;
"client_cert_fingerprint" my_toniebox;
}
server {
listen 0.0.0.0:443 http2 ssl;
server_name _;
ssl_certificate /teddycloud/server/fullchain.pem;
ssl_certificate_key /teddycloud/server/ca-key.key;
ssl_verify_client optional_no_ca;
location / {
if ($toniebox ~ my_toniebox)
{
proxy_pass https://127.0.0.1:4444;
proxy_ssl_certificate /teddycloud/client/client.pem;
proxy_ssl_certificate_key /teddycloud/client/client.key;
}
return 444;
}
}
I only have to support one Toniebox right now, but this can be easily extended to support multiple, however in a manual fashion.