nginx reverse proxy: with/without client cert on different path/location (same host/FQDN)
iafilius at xs4all.nl
Fri Aug 5 07:55:34 UTC 2011
Hello nginx list,
running version 0.8.54-4 9 (ubuntu 11.04)
Tried to configure nginx as reverse proxy for a wish to have client cert
authention on a specific url-path, but i failed.
The wish is to have:
https://hostA/pathA -> no client cert -> upstreamA
https://hostA/pathB -> client cert required -> upstreamB
I tried to configure nginx in one server definition multiple locations,
within the locations "ssl_client_certificate off;" in one location and
"ssl_client_certificate on;" in the other location. but got an error as:
011/08/05 07:54:56 [emerg] 5376#0: "ssl_client_certificate" directive is
not allowed here in ....(file/line number)
Another way i tried, is to have 2 identical server definitions, except for
the location and ssl_client_certificate on/off; But then i got the
(more or less expected) error twice:
2011/08/05 07:58:43 [warn] 5392#0: conflicting server name
"<FQDN>" on <IP>:443, ignored
is it possible what i'm trying to configure?
another question, related to this, i'd like to give the email from the
client certificate to the backend (in a http header variabele), but found
one way close to what i want, and that is to give the complete certificate
($ssl_client_cert) to upstream, but that way eats much of the 4000Bytes
max http header space..
Is there a way to set just the email from client cert?
Thanks in advance,
mailto:iafilius at xs4all.nl
More information about the nginx