Nginx ssl_verify_client和proxy_pass

前端之家收集整理的这篇文章主要介绍了Nginx ssl_verify_client和proxy_pass前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我有2个Nginx服务器server1和server2.
server1需要客户端ssl验证.
server2代理对server1的所有请求

问题是当我试图直接从server1访问我的服务时,浏览器询问我的客户端证书,它工作正常

但是从servier2它总是给出错误“400 Bad Request.没有发送所需的SSL证书”

server1 Nginx配置是

  1. server {
  2. listen 443;
  3. server_name server1 ;
  4. ssl on;
  5. ssl_certificate /etc/Nginx/ssl/server.crt;
  6. ssl_certificate_key /etc/Nginx/ssl/server.key;
  7. ssl_client_certificate /etc/Nginx/client_keys/keys.crt;
  8. ssl_verify_client on;
  9. ssl_verify_depth 1;
  10. ssl_session_timeout 5m;
  11. ssl_protocols SSLv3 TLSv1;
  12. ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
  13. ssl_prefer_server_ciphers on;
  14. location / {
  15. proxy_pass https://some-service;
  16. }
  17. }

server2 Nginx配置是

  1. server {
  2. listen 443 default_server;
  3. server_name server2;
  4. ssl on;
  5. ssl_certificate /etc/Nginx/ssl/server.crt;
  6. ssl_certificate_key /etc/Nginx/ssl/server.key;
  7. ssl_client_certificate /etc/Nginx/client_keys/keys.crt;
  8. location / {
  9. proxy_pass https://server1;
  10. }
  11. }
最佳答案
目前,Nginx不支持.但是有seNginx [1],它的代理模块被扩展为支持与源服务器的客户端证书握手.

[1] http://www.senginx.org/en/index.php/Proxy_HTTPS_Client_Certificate

猜你在找的Nginx相关文章