question about client certs
Francis Daly
francis at daoine.org
Wed Feb 3 21:21:59 UTC 2016
On Wed, Feb 03, 2016 at 09:37:25AM +0100, Aleksandar Lazic wrote:
> On 02-02-2016 23:22, Alex Samad wrote:
Hi there,
> Cool, it would be nice if you can tell us if it works and how was
> your solution ;-)
I think that "location" does not take variables, and so this will
not work.
More below.
> >On 2 February 2016 at 20:56, Aleksandar Lazic <al-nginx at none.at> wrote:
> >>On 02-02-2016 04:32, Alex Samad wrote:
> >>>Is it possible with nginx to do this
> >>>
> >>>https://www.abc.com
> >>>/
> >>>/noclientcert/
> >>>/clientcert/
> >>>
> >>>so you can get to / with no client cert, but /clientcert/ you need a
> >>>cert, but for /noclientcert/ you don't need a cert.
> >>>
> >>>Looks like from the config doco you can only set it for the
> >>>whole tree ...
Untested by me, but if you set

  ssl_verify_client optional;

and then within your

  location ^~ /clientcert/ {}

you have something like

  if ($ssl_client_verify != SUCCESS) { return 403; }

would that fit your needs?
(If the content below /clientcert/ is all handled by an external process,
then possibly it could do its own validation or verification using values
provided by nginx.)
http://nginx.org/r/$ssl_client_verify for some details.
Good luck with it,
f
--
Francis Daly francis at daoine.org
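
The suggestion above assembled into one server block, as an added example that is not part of the original message and was not written by its author. The certificate paths, docroot, backend address and the X-SSL-* header names are assumptions; the server name and the three paths come from the question.

```nginx
# Added example: per-location client-certificate enforcement.
server {
    listen 443 ssl;
    server_name www.abc.com;

    ssl_certificate         /etc/nginx/tls/server.crt;     # assumed path
    ssl_certificate_key     /etc/nginx/tls/server.key;     # assumed path
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;  # assumed path: CA that issues client certs

    # Ask for a client certificate in the handshake but do not require one.
    # No certificate sent: $ssl_client_verify is NONE and the request proceeds.
    # A certificate that fails verification against the CA above is rejected
    # by nginx itself, for every location in this server.
    ssl_verify_client optional;

    # Reachable with or without a client certificate.
    location / {
        root /var/www/html;                                # assumed docroot
    }

    location ^~ /noclientcert/ {
        root /var/www/html;
    }

    # Only requests carrying a verified client certificate get past the check.
    location ^~ /clientcert/ {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }

        # For content handled by an external process: pass the verification
        # result and subject DN along. proxy_set_header replaces any header
        # of the same name sent by the client, so the backend sees nginx's
        # values, not client-supplied ones. Header names are hypothetical.
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Client-S-DN   $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;                  # assumed backend
    }
}
```

A backend that relies on these headers should accept connections only from nginx, since anything that can reach it directly can set them itself.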