Nginx with Client Certificate
Page content
NGINX with Client Certificates
root@debian:/etc/nginx/sites-available#
server {
listen 80;
listen [::]:80;
server_name host198.planet;
root /var/www/host198.planet;
access_log /var/log/nginx/host198.planet;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name host198.planet;
root /var/www/host198.planet;
ssl_certificate /etc/ssl/private/fullchain.crt;
ssl_certificate_key /etc/ssl/private/host198.planet.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_client_certificate /etc/ssl/private/ca.crt;
ssl_verify_client optional;
access_log /var/log/nginx/host198.planet;
index index.html;
#location / {
# try_files $uri $uri/ =404;
#}
location / {
# if the client-side certificate failed to authenticate, show a 403
# message to the client
if ($ssl_client_verify != SUCCESS) {
return 403;
}
}
}
Any Comments ?
sha256: dbf64919ee3864f77b78f71f2b4b70d6794d96dd3dbbe1ae9ce3442cda571c26