how to setup nginx as reverse proxy + tomcat ssl

Maxim Dounin mdounin at
Wed Mar 31 12:48:07 MSD 2010


On Wed, Mar 31, 2010 at 04:09:42AM -0400, kaiyuan wrote:


> My questions are
>  Can I have an SSL from Client to Nginx and another between 
>  Nginx and Tomcat ,nginx verify  the client certificate,and 
>  also transfer the client certificate to tomcat,tomcat also  
>  verify  the client certificate.
> if nginx can do this,how to setup.Can someboby give me an 
> correct nginx.conf for this?

This is not possible.  To "transfer" client certificate one have 
to be able to access certificate's private key.  Moreover, nginx 
currently doesn't support using client certificates in proxy 
connections at all.

You may want to pass results of client cert verification 
($ssl_client_s_dn and so on) from nginx to tomcat in http headers 
instead.  See here for details:

Maxim Dounin

More information about the nginx mailing list