Description
How can I implement SSL on YARP?
It is briefly explained in the YARP documentation, but I did not understand why I should do this.
ClientCert
Forwards the client cert used on the inbound connection as a header to destination
| Key | Value | Required |
|---|---|---|
| ClientCert | The header name | yes |
Config:
```json
{ "ClientCert": "X-Client-Cert" }
```
Code:
```csharp
routeConfig = routeConfig.WithTransformClientCertHeader(headerName: "X-Client-Cert");
```
```csharp
transformBuilderContext.AddClientCertHeader(headerName: "X-Client-Cert");
```
Example:
```
X-Client-Cert: SSdtIGEgY2VydGlmaWNhdGU...
```
As the inbound and outbound connections are independent, there needs to be a way to pass any inbound client certificate to the destination server. This transform causes the client certificate taken from `HttpContext.Connection.ClientCertificate` to be Base64 encoded and set as the value for the given header name. The destination server may need that certificate to authenticate the client. There is no standard that defines this header and implementations vary; check your destination server for support.
Servers do minimal validation on the incoming client certificate by default. The certificate should be validated either in the proxy or the destination; see the client certificate auth docs for details.
This transform will only apply if the client certificate is already present on the connection. See the optional certs doc if it needs to be requested from the client on a per-route basis.
Where should I write this code in the service?
Code:
```csharp
routeConfig = routeConfig.WithTransformClientCertHeader(headerName: "X-Client-Cert");
```
```csharp
transformBuilderContext.AddClientCertHeader(headerName: "X-Client-Cert");
```
Example:
```
X-Client-Cert: SSdtIGEgY2VydGlmaWNhdGU...
```
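One place the transform call from the quoted documentation can live, shown as an added example that is not part of the original issue or the YARP project's own code: the proxy's `Program.cs`, with the client certificate requested by Kestrel and validated before it is forwarded. It assumes ASP.NET Core minimal hosting (.NET 6 or later), routes and clusters under a `ReverseProxy` configuration section, and the `Microsoft.AspNetCore.Authentication.Certificate` package for validation.

```csharp
// Program.cs of the YARP proxy (added example; section name "ReverseProxy" is an assumption).
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using Yarp.ReverseProxy.Transforms;

var builder = WebApplication.CreateBuilder(args);

// 1. Request a client certificate during the inbound TLS handshake.
//    The transform only applies when the connection already carries one.
builder.WebHost.ConfigureKestrel(kestrel =>
    kestrel.ConfigureHttpsDefaults(https =>
        https.ClientCertificateMode = ClientCertificateMode.RequireCertificate));

// 2. Validate the certificate in the proxy, since servers do only minimal
//    validation by default. Chained = must chain to a trusted root.
builder.Services
    .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(options =>
    {
        options.AllowedCertificateTypes = CertificateTypes.Chained;
    });
builder.Services.AddAuthorization();

// 3. Register the transform where the proxy is added to the service collection.
//    AddTransforms runs once per route, so every route forwards the header.
//    WithTransformClientCertHeader is the equivalent call when RouteConfig
//    objects are built in code instead of loaded from configuration.
builder.Services
    .AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"))
    .AddTransforms(transformBuilderContext =>
    {
        transformBuilderContext.AddClientCertHeader(headerName: "X-Client-Cert");
    });

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Only requests whose certificate passed validation reach the destinations.
app.MapReverseProxy().RequireAuthorization();

app.Run();
```

The configuration form `{ "ClientCert": "X-Client-Cert" }` is the per-route alternative and goes in that route's `Transforms` list in the `ReverseProxy` section. The destination should accept `X-Client-Cert` only on connections coming from the proxy, because the header value itself carries no proof of who set it.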