[Nginx&TLS] How to make log show a successful exchange of digital certificates.

dencivi nginx-forum at nginx.us
Tue Feb 5 07:15:04 UTC 2013


     I've make nginx support TLS(Mutual Authentication), It's can be work
and very cool. but i want have some detail log about exchange of digital
certificates. for example, the log have exchange success and client digital
certificates information in this exchange action.

     My system like:  Broswer <--TLS--> Nginx 1.0.8 <--HTTP--> Tomcat

     So, what can i do? 

     Thanks for your work.

=============== nginx.conf ================
    listen       8889;
    index index.jsp index.html index.htm;
    charset utf-8;
    log_format  tls_log  '$remote_addr $remote_user [$time_local] "$request"
$http_host '
                  '$status $upstream_status $body_bytes_sent "$http_referer"
                  '"$http_user_agent" $ssl_protocol $ssl_cipher
$upstream_addr '
                  '$request_time $upstream_response_time'; 
    access_log /usr/local/nginx/logs/http_8889_access.log tls_log;

    #TLS start
    ssl on;
    ssl_certificate ssl/server.crt;
    ssl_certificate_key ssl/server.key;
    ssl_client_certificate ssl/ca.crt ;
    ssl_verify_client on;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #TLS end

    #chunkin for XTOM
    chunkin on;
    error_page 411 = @my_411_error;
    location @my_411_error {

    location ~ /mux-.+ {
      proxy_redirect default;
      proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header  X-Real-IP  $remote_addr;
      proxy_set_header  Host $http_host;


Posted at Nginx Forum: http://forum.nginx.org/read.php?2,235909,235909#msg-235909

More information about the nginx mailing list