From 31184e9f924ec97db14b2534cf01e5a33e1c2299 Mon Sep 17 00:00:00 2001
From: hweawer <ahusakouski@uber.com>
Date: Wed, 8 Jan 2025 16:09:31 +0100
Subject: [PATCH] Change config

---
 nginx/config/default.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/nginx/config/default.go b/nginx/config/default.go
index e80564e0..63d4f73e 100644
--- a/nginx/config/default.go
+++ b/nginx/config/default.go
@@ -31,14 +31,19 @@ var _nameToDefaultTemplate = map[string]string{
 const DefaultClientVerification = `
 ssl_verify_client on;
 set $required_verified_client 1;
+
+# If the remote IP is 127.0.0.1, set ssl_verify_client to optional and allow no verification
 if ($remote_addr = "127.0.0.1") {
   ssl_verify_client optional;
   set $required_verified_client 0;
 }
 
-set $verfied_client $required_verified_client$ssl_client_verify;
-if ($verfied_client !~ ^(0.*|1SUCCESS)$) {
-  return 403;
+# Check client verification status
+set $verified_client $ssl_client_verify;
+if ($required_verified_client = 1) {
+  if ($verified_client !~ ^SUCCESS$) {
+    return 403;
+  }
 }
 `