access SSL only with key p12 $ssl_client_verify not works

unreal34 nginx-forum at nginx.us
Thu Feb 26 11:14:18 UTC 2015


I'm trying to allow SSL access only with a p12 key:
if you don't have the key = access denied.


Restarting nginx: nginx: [emerg] unknown directive "if($ssl_client_verify"
in /etc/nginx/sites-enabled/default:144
nginx: configuration file /etc/nginx/nginx.conf test failed


What am I doing wrong?


# Plain-HTTP virtual host (port 80) for the WordPress site: blocks a set of
# sensitive file types, puts basic auth on the admin paths, wires up the
# W3 Total Cache page/minify cache and hands *.php to PHP-FPM.
# NOTE(review): this block has the same server_name and root as the port-443
# block later in the post, requires no client certificate and contains no
# redirect to HTTPS. As posted, the site is therefore reachable without the
# p12 key over port 80, and the basic-auth credentials below cross the network
# unencrypted.
server {
        listen   80; ## listen for ipv4; this line is default and implied

        root /home/xxx/public_html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name xxx.com www.xxx.com;

        # $cache_uri starts as the request URI; the "if" blocks further down
        # overwrite it with 'null cache' so the try_files lookup in "location /" misses.
        set $cache_uri $request_uri;

        # NOTE(review): as posted, the comment below wrapped onto two lines that
        # have no leading '#' (presumably a mail line-wrap); in the real file they
        # must be commented or joined, otherwise nginx reads them as directives.
        # Make sure files with the following extensions do not get loaded by
nginx because nginx would display the source code, and these files can
contain PASSWORDS!
        # 444 is nginx's non-standard code for closing the connection without
        # sending a response.
        location ~*
\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
        {
                return 444;
        }
        #passwd
        # NOTE(review): the two locations below are plain prefix matches. nginx
        # checks regex locations after the longest prefix match and uses the
        # first regex that matches, so a URI ending in .php (including
        # /wp-login.php and /wp-admin/*.php) is handled by "location ~ \.php$"
        # further down, where auth_basic is not set. Confirm with a test
        # request that the password prompt actually appears.
        location  /wp-admin/  {
        auth_basic            "Admin area password";
        auth_basic_user_file  /etc/nginx/htpasswd;
        }
        location  /wp-login.php  {
          auth_basic            "Admin area password";
         auth_basic_user_file  /etc/nginx/htpasswd;
         }

#nocgi
# NOTE(review): "\$" is an escaped, literal dollar sign, not the end-of-string
# anchor, so this rule only matches URIs that contain e.g. ".cgi$". It looks
# like an unescaped "$" was intended -- confirm.
location ~* \.(pl|cgi|py|sh|lua)\$ {
       return 444;
}

# Denies any URI containing "/." or one of the listed file names.
location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }

# NOTE(review): as posted, this location has no closing brace after "deny all;",
# which nests every following location inside it -- presumably lost when the
# config was pasted; check the real file.
location ~* /(?:|uploads|files)/.*(\.|php|js|html|tpl|sh)$ {
       deny all;
# W3 Total Cache minify: serve the cached file if present, else run minify.php.
location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
                try_files $uri
/wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
        }
# Try the cached page for this host + $cache_uri first, then the file or
# directory itself, then fall back to WordPress's index.php.
location / {
                try_files
/wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/
/index.php?$args ;
        }
# POST requests and urls with a query string should always go to PHP
        if ($request_method = POST) {
                set $cache_uri 'null cache';
        }
        if ($query_string != "") {
                set $cache_uri 'null cache';
        }
# Don't cache uris containing the following segments
        if ($request_uri ~*
"(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")
{
                set $cache_uri 'null cache';
        }
# Don't use the cache for logged in users or recent commenters
        if ($http_cookie ~*
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
                set $cache_uri 'null cache';
        }
        # Server-level rewrites: per-blog file requests go to blogs.php, and
        # requests for paths that do not exist on disk are mapped to the
        # matching wp-* path, the matching .php script, or index.php.
        rewrite ^(.*)?/?files/(.*) /wp-content/blogs.php?file=$2;
if (!-e $request_filename) {
              rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2  break;
              rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
              rewrite ^ /index.php last;
          }
# Sitemap URLs are answered by index.php with sitemap query arguments.
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2
last;
      



        # Hands every URI ending in .php to PHP-FPM over the unix socket.
        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                # NOTE(review): fastcgi_params is included twice; one include is enough.
                include fastcgi_params;
                include fastcgi_params;
        }
}




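# TLS virtual host that only serves clients presenting a certificate (the
# browser-side .p12 bundle) issued by the CA in ssl_client_certificate.
# NOTE(review): the port-80 server block in the same post serves the same
# server_name and root without any certificate check, so that block needs a
# redirect to HTTPS (or removal) before this restriction means anything.
server {
    # "listen ... ssl" replaces the separate "ssl on;" line from the post; the
    # nginx documentation recommends the listen parameter over that directive.
    listen        443 ssl;
    server_name xxx.com www.xxx.com;
    root           /home/xxx/public_html;

    ssl_certificate      /etc/nginx/certs/server.crt;
    ssl_certificate_key  /etc/nginx/certs/server.key;

    # CA whose signature a client certificate must carry to be accepted.
    ssl_client_certificate /etc/nginx/certs/ca.crt;

    # Posted as "RC4:HIGH:!aNULL:!MD5". RC4 is dropped here because RFC 7465
    # prohibits RC4 cipher suites in TLS; the remaining string is nginx's
    # documented default cipher list.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # "on" makes a valid client certificate mandatory for the whole vhost.
    ssl_verify_client  on;
#    ssl_session_cache       shared:SSL:10m;
#    ssl_session_timeout     5m;
    # 1 is also nginx's default verification depth for the client chain.
    ssl_verify_depth 1;

    # Posted as "if($ssl_client_verify != SUCCESS)", which fails the config
    # test with: [emerg] unknown directive "if($ssl_client_verify".
    # nginx splits tokens on whitespace, so without a space after "if" the
    # whole string is read as one directive name. "if" is valid at server
    # level, so the commented-out location wrapper from the post is not needed.
    #
    # With "ssl_verify_client on" nginx already rejects requests that lack a
    # valid certificate (HTTP 400 by default), so this check is a second line
    # of defence. It becomes the actual enforcement point if the mode is ever
    # changed to "optional".
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }

    # NOTE(review): every request in this vhost, static files included, is
    # handed to PHP-FPM, and SCRIPT_FILENAME is not set here (the line below
    # is commented out), so it has to come from fastcgi_params -- verify.
    location / {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        fastcgi_pass unix:/var/run/php5-fpm.sock;
        #fastcgi_param  SCRIPT_FILENAME /home/xxx/public_html/wp-login.php;

        # Verification result and subject DN as seen by nginx, passed to the
        # application. Request headers reach FastCGI with an HTTP_ prefix, so
        # a client cannot set these two names itself.
        fastcgi_param  VERIFIED $ssl_client_verify;
        fastcgi_param  DN $ssl_client_s_dn;
        include        fastcgi_params;
    }
}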

sorry for my english.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256931,256931#msg-256931


