ChatGPTNextWeb/NextChat

[Feature] configurable **client** certificate

Open

#3,935 opened on Jan 27, 2024

View on GitHub
 (3 comments) (0 reactions) (0 assignees)TypeScript (59,717 forks)batch import
backloghelp wanted

Repository metrics

Stars
 (87,992 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

Hi, I encountered a problem with the client certificate verifying / authenticating.

When enabled client certs (typically the Cloudflare mTLS rules), the client must present its private cert (aka .p12/.pfx file) to the server. However since ChatGPT-Next-Web requests the API base from the backend, it would not carry the valid credentials that should have come from a browser request.

So there should be a configurable option to specify a client certificate so that the mutual verification would work.

I have read the issue list and found that #518 #3034 may be related, but both of them didn't mention if it's possible to deploy a client certificate for the backend.

My current approach is to allow the server IP as request src_ip, but it's quite inconvenient since I had to hard code the IP into the rules. So let me ask for a feature to satisfy this scene.

Contributor guide