I'd like to secure my internal infrastructure using a zero-trust model. My notification gateway (Gotify) is situated behind a reverse proxy (Traefik) that is capable of enforcing mutual TLS (mTLS) using RequireAndVerifyClientCert for all API POST requests.
While DIUN excellently supports verifying custom CAs via tlsCaCertFiles, the Gotify notifier currently lacks the ability to present a client certificate and private key during the TLS handshake. As a result, DIUN cannot push notifications to mTLS-protected endpoints, resulting in 400 Bad Request or TLS handshake failures.
Please add configuration options to the Gotify notifier (and potentially the global HTTP client or other webhooks) to allow specifying a client certificate and private key :-)
Example configuration implementation:
Adding this feature would make DIUN highly adaptable for advanced homelab environments and enterprises utilizing internal PKI for strict service-to-service authentication.
Thank you.
Cheers
P4SQL