Add caddy server configuration for Client Authentication (X509)

Author: Spomky

security.rst

@@ -1253,6 +1253,31 @@ and to expose the certificate's DN to the Symfony application:
         # pass the DN to the application
         SSLOptions +StdEnvVars
 
+    .. code-block:: caddy
+
+        tls {
+            client_auth {
+                mode verify_if_given # Please refer to the Caddy documentation for more information
+                trusted_ca_cert_file /path/to/my-custom-CA.pem
+            }
+        }
+
+        route {
+            # Other configuration options go here
+
+            php_fastcgi unix//var/run/php/php-fpm.sock {
+                env SSL_CLIENT_S_DN {http.request.tls.client.subject}
+
+                # Environment variables for other certificate fields that you might need
+                # They are not used by Symfony, but you can use them in your application
+                env SSL_CLIENT_S_FINGERPRINT {http.request.tls.client.fingerprint}
+                env SSL_CLIENT_S_CERTIFICATE {http.request.tls.client.certificate_der_base64}
+                env SSL_CLIENT_S_ISSUER {http.request.tls.client.issuer}
+                env SSL_CLIENT_S_SERIAL {http.request.tls.client.serial}
+                env SSL_CLIENT_S_DN {http.request.tls.client.subject}
+            }
+        }
+
 Then, enable the X.509 authenticator using ``x509`` on your firewall:
 
 .. configuration-block::