N00b - confused ssl
r at roze.lv
Wed Apr 26 01:13:42 UTC 2017
> so if I put both of these in one server block so that the incoming is de-crypted and the outgoing is decrypted. Do I put both the server and client certs in the same server block ?
Depends on what setup/requirements you actually have:
- If your backend server requires authentication then you have to provide a client certificate via proxy_ssl_certificate (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_certificate ).
- If your clients need to authenticate versus your nginx proxy then you use ssl_verify_client / ssl_trusted_certificate ( http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client ).
- If your backend requires passing through the user certificates it's a bit tricky as depending on backend it might or might not work https://trac.nginx.org/nginx/ticket/857
More information about the nginx