Just a quick question:
Is it possible to enable client certificates on only some paths?
For example: example.com/user does not need a certificate, but example.com/admin does?
Seems it is possible. You just need to create separate routers and create the matching rule correctly to match the PathPrefix you have mentioned.
Then, by using the entry points web and websecure, you can expose your service with TLS or without TLS.
Hope that helps,
Sadly I can't define different entrypoints with the same port.
What needs to be done is to create two entry points:
- web 80, no TLS
- websecure 443 with TLS termination
Then, just use those entry points accordingly on the routers. Seems that it is a typical configuration.
Oh, sorry. Seems like the question wasn't clear. I want both to be secured with server-side TLS, but one path to also require a client certificate. I tried using different routers, but got an error saying that Traefik doesn't support different TLS options for the same host.