 

Nginx ssl_verify_client and proxy_pass [closed]

Tags: nginx, ssl

I have 2 Nginx servers, server1 and server2. server1 requires client SSL verification. server2 proxies all requests to server1.

The problem is that while I am trying to access my service directly from server1, the browser asks for my client certificate and it works fine.

But from server2 it always gives the error "400 Bad Request. No required SSL certificate was sent".

server1 nginx config is

    server {
        listen       443;
        server_name  server1;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_client_certificate /etc/nginx/client_keys/keys.crt;
        ssl_verify_client on;
        ssl_verify_depth 1;
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass https://some-service;
        }
    }

server2 nginx config is

    server {
        listen       443  default_server;
        server_name  server2;
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_client_certificate /etc/nginx/client_keys/keys.crt;

        location / {
            proxy_pass https://server1;
        }
    }

Onbayev Kanat asked Jul 03 '14 10:07




1 Answer

At the moment, that is not supported in nginx. But there is senginx[1]; its proxy module is extended to support client certificate handshake with the origin server.

[1] http://www.senginx.org/en/index.php/Proxy_HTTPS_Client_Certificate

Tair answered Nov 02 '22 13:11
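
Added example, not part of the original question or answer and not code from the nginx project: nginx 1.7.8 and later provide `proxy_ssl_certificate` and `proxy_ssl_certificate_key`, which let the proxy present its own client certificate to the upstream. The sketch below is a server2 configuration along those lines; the `proxy-client.*` and `upstream-ca.crt` paths are hypothetical, and the proxy's certificate is assumed to chain to a CA listed in server1's `ssl_client_certificate` file.

```nginx
# server2: terminates the browser's TLS session, then opens its own
# mutually authenticated TLS session to server1.
server {
    listen       443 ssl default_server;
    server_name  server2;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # Verify the browser's certificate here. It cannot be forwarded to
    # server1, because the browser's TLS session ends at this proxy.
    ssl_client_certificate /etc/nginx/client_keys/keys.crt;
    ssl_verify_client      on;
    ssl_verify_depth       1;

    location / {
        proxy_pass https://server1;

        # Client certificate that server2 itself presents to server1.
        # Hypothetical paths; requires nginx 1.7.8 or later.
        proxy_ssl_certificate     /etc/nginx/ssl/proxy-client.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/proxy-client.key;

        # Authenticate server1 too, so the proxy does not hand requests
        # to an unverified upstream. Hypothetical CA bundle path.
        proxy_ssl_trusted_certificate /etc/nginx/ssl/upstream-ca.crt;
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        1;
        proxy_ssl_server_name         on;
    }
}
```

With this setup server1 sees server2's certificate on every request, not the end user's, so any per-user authorization has to be enforced on server2.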