Nginx ssl_verify_client and proxy_pass

I have 2 Nginx servers, server1 and server2. server1 requires SSL client verification. server2 proxies all server requests.

When I try to access my service directly from server1, the browser requests my client certificate and it works fine.

But from server2 it always gives the error "400 Bad Request. No SSL certificate required"

server1 nginx config

    server {
        listen 443;
        server_name server1;

        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_client_certificate /etc/nginx/client_keys/keys.crt;
        ssl_verify_client on;
        ssl_verify_depth 1;
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass https://some-service;
        }
    }

server2 nginx config

    server {
        listen 443 default_server;
        server_name server2;

        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_client_certificate /etc/nginx/client_keys/keys.crt;

        location / {
            proxy_pass https://server1;
        }
    }
1 answer

This is currently not supported in nginx. But there is senginx [1]; its proxy module has been expanded to support the handshake of the client certificate with the origin server.

[1] http://www.senginx.org/en/index.php/Proxy_HTTPS_Client_Certificate

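Added example, not part of the question or the answer above: stock nginx 1.7.8 and later can present a client certificate to an upstream through `proxy_ssl_certificate` and `proxy_ssl_certificate_key`. The sketch assumes server2 has its own certificate and key issued by the CA listed in server1's `ssl_client_certificate` file; the `proxy-client.*` and `server1-ca.crt` paths and the `X-Client-*` header names are hypothetical.

```nginx
# server2: terminates the browser's TLS session, then opens its own
# mutually authenticated TLS connection to server1.
server {
    listen 443 ssl default_server;
    server_name server2;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # Authenticate the browser here. Its certificate cannot be replayed to
    # server1, because server2 does not hold the browser's private key.
    ssl_client_certificate /etc/nginx/client_keys/keys.crt;
    ssl_verify_client on;

    location / {
        proxy_pass https://server1;

        # Identity that server2 presents to server1 (hypothetical paths).
        # The certificate must chain to the CA in server1's
        # ssl_client_certificate, within server1's ssl_verify_depth.
        proxy_ssl_certificate     /etc/nginx/ssl/proxy-client.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/proxy-client.key;

        # Verify server1's certificate as well; proxy_ssl_verify is off by default.
        proxy_ssl_trusted_certificate /etc/nginx/ssl/server1-ca.crt;  # hypothetical path
        proxy_ssl_verify       on;
        proxy_ssl_verify_depth 1;
        proxy_ssl_server_name  on;

        # Pass the verified browser identity on as headers (hypothetical names).
        # proxy_set_header replaces any value the client sent for them.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
    }
}
```

With this layout server1 authenticates server2, not the end user, so it should accept the `X-Client-*` headers only on connections that passed its own `ssl_verify_client` check with server2's certificate.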