X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Froles%2Ffiles%2Fjenkins%2Fjenkins.debian.org;fp=modules%2Froles%2Ffiles%2Fjenkins%2Fjenkins.debian.org;h=e8d9ebed55eb968b5d0ccec94ea0233182df60e1;hb=32cc0ca47da8021103744f26d3ced982ea0c22ad;hp=b5ccc6b04f0081e961781bff5f19733a591519df;hpb=9d9c36b33d983b2de4e20f13c86a7d108125feb8;p=dsa-puppet.git

diff --git a/modules/roles/files/jenkins/jenkins.debian.org b/modules/roles/files/jenkins/jenkins.debian.org
index b5ccc6b0..e8d9ebed 100644
--- a/modules/roles/files/jenkins/jenkins.debian.org
+++ b/modules/roles/files/jenkins/jenkins.debian.org
@@ -7,6 +7,13 @@ Use common-debian-service-https-redirect * jenkins.debian.org
 	Use common-debian-service-ssl jenkins.debian.org
 	Use common-ssl-HSTS
 
+	SSLCACertificateFile /var/lib/dsa/sso/ca.crt
+	SSLCARevocationCheck chain
+	SSLCARevocationFile /var/lib/dsa/sso/ca.crl
+	SSLVerifyClient optional
+
+	SSLOptions +StdEnvVars
+
 	<IfModule mod_userdir.c>
 		UserDir disabled
 	</IfModule>
@@ -14,6 +21,8 @@ Use common-debian-service-https-redirect * jenkins.debian.org
 	CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy
 	ServerSignature On
 	<IfModule mod_proxy.c>
+		RequestHeader unset X-Forwarded-User
+		RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN
 		<Proxy *>
 			Order deny,allow
 			Allow from all