Nginx proxy_ssl_certificate not working as expected

Question

I'm using nginx as a proxy to a backend server. The backend server is also using nginx and enforcing client certificate authentication using the ssl_client_certificate and ssl_verify_client directives.

In my nginx server I set the following:

location  /proxy {
    proxy_pass             https://www.backend.com;

    proxy_set_header       X-Forwarded-Host $host;
    proxy_set_header       X-Forwarded-Server $host;
    proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_ssl_certificate      /etc/nginx/cert/client.crt;
    proxy_ssl_certificate_key  /etc/nginx/cert/client.key;
}

according to the nginx docs.

However, the backend is still responding with a 400 reponse code "No required SSL certificate was sent".

Note that when issuing requests to the backend server using wget with the client certificate, I get a valid 200 OK response:

wget --certificate=/etc/nginx/cert/client.crt --private-key=/etc/nginx/cert/client.key https://www.backend.com

What am I missing in my nginx configuration?

Answer 1

This post seemed to solve this problem for me.

I had to add the following setting to get things working for me.

proxy_ssl_server_name      on;