Get username other than via proxy protocol
24 views
Skip to first unread message
Nicola Fricker
Jul 7, 2023, 6:21:30 AM7/7/23
to vernemq-users
Hi There
We are currently on a solution where we need to set the Username of a Client from his x509 certificate, so that we can set topics restrictions via acl patterns.
It works as intended over websockets with haproxy as ingress on kubernetes and enabling the proxy protocoll and the proxy_protocol_use_cn_as_username setting on vernemq.
However, we now must develop a solution, where we cannot use proxy protocoll for getting the CN.
Is there any other method of setting the CN as username, e.g. over a http header?
The connection doesnt necessarily needs to be over websocket.
Thank you and kind regards
We are currently on a solution where we need to set the Username of a Client from his x509 certificate, so that we can set topics restrictions via acl patterns.
It works as intended over websockets with haproxy as ingress on kubernetes and enabling the proxy protocoll and the proxy_protocol_use_cn_as_username setting on vernemq.
However, we now must develop a solution, where we cannot use proxy protocoll for getting the CN.
Is there any other method of setting the CN as username, e.g. over a http header?
The connection doesnt necessarily needs to be over websocket.
Thank you and kind regards
André Fatton
Jul 7, 2023, 11:38:52 AM7/7/23
to vernemq-users
Hi,
you can configure a TLS listener in VerneMQ and then add a setting like the following:
listener.ssl.my_ssl_listener.use_identity_as_username = on
I hope this helps,
André
Reply all
Reply to author
Forward
0 new messages