<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">You should place a whitespace between if and the opening bracket:<div class="">-if($ssl_client_verify</div><div class="">+if ($ssl_client_verify<br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">--</div><div class="">br,</div><div class="">Dmitry Pryadko</div><div class=""><br class=""></div></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
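<div class="">The corrected check in the HTTPS server block from the quoted post, as an added example that is not part of the original thread and is not the posters' or the nginx project's own configuration. It assumes ssl_verify_client is switched from on to optional so that the 403 branch can be reached; hostnames and paths are the post's placeholders.</div>

```nginx
# Added example; names and paths are the placeholders used in the post.
server {
    listen 443 ssl;                  # same effect as "listen 443;" plus "ssl on;"
    server_name xxx.com www.xxx.com;
    root /home/xxx/public_html;

    ssl_certificate        /etc/nginx/certs/server.crt;
    ssl_certificate_key    /etc/nginx/certs/server.key;

    # CA that issued the client certificates. The .p12 bundle (client
    # certificate plus private key) is installed on the client only.
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_depth       1;

    # on:       nginx rejects a missing or invalid client certificate itself
    #           (400 response), so an "if" on $ssl_client_verify never fires.
    # optional: a request without a certificate is let through with
    #           $ssl_client_verify set to NONE; the "if" below turns that
    #           into the 403 the post asks for.
    ssl_verify_client      optional;

    # Broken form from the post:  if($ssl_client_verify != SUCCESS)
    # nginx splits tokens on whitespace, so "if($ssl_client_verify" is read
    # as one directive name and rejected as unknown. "if" must stand alone.
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }

    location / {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass  unix:/var/run/php5-fpm.sock;
        include       fastcgi_params;
        # Hand the verification result and subject DN to the application so
        # it can log or authorize on the certificate identity.
        fastcgi_param VERIFIED $ssl_client_verify;
        fastcgi_param DN       $ssl_client_s_dn;
    }
}
```

<div class="">Run nginx -t after editing; it reports the same kind of "unknown directive" error for any other keyword written without the separating space.</div>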
<br class=""><div><blockquote type="cite" class=""><div class="">On 26 Feb 2015, at 14:14, unreal34 &lt;<a href="mailto:nginx-forum@nginx.us" class="">nginx-forum@nginx.us</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">I'm trying to make access SSL only with key p12 <br class="">you don't have key = access denied<br class=""><br class=""><br class="">Restarting nginx: nginx: [emerg] unknown directive "if($ssl_client_verify"<br class="">in /etc/nginx/sites-enabled/default:144<br class="">nginx: configuration file /etc/nginx/nginx.conf test failed<br class=""><br class=""><br class="">What am I doing wrong?<br class=""><br class=""><br class="">server {<br class=""> listen 80; ## listen for ipv4; this line is default and implied<br class=""><br class=""> root /home/xxx/public_html;<br class=""> index index.php index.html index.htm;<br class=""><br class=""> # Make site accessible from <a href="http://localhost/" class="">http://localhost/</a><br class=""> server_name <a href="http://xxx.com" class="">xxx.com</a> <a href="http://www.xxx.com" class="">www.xxx.com</a>;<br class=""><br class=""> set $cache_uri $request_uri;<br class=""><br class=""> # Make sure files with the following extensions do not get loaded by<br class="">nginx because nginx would display the source code, and these files can<br class="">contain PASSWORDS!<br class=""> location ~*<br class="">\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_<br class=""> {<br class=""> return 444;<br class=""> }<br class=""> #passwd<br class=""> location /wp-admin/ {<br class=""> auth_basic "Admin area password";<br class=""> auth_basic_user_file /etc/nginx/htpasswd;<br class=""> }<br class=""> location /wp-login.php {<br class=""> auth_basic "Admin area password";<br class=""> auth_basic_user_file /etc/nginx/htpasswd;<br class=""> }<br class=""><br class="">#nocgi<br class="">location ~* 
\.(pl|cgi|py|sh|lua)\$ {<br class=""> return 444;<br class="">}<br class=""><br class="">location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }<br class=""><br class="">location ~* /(?:|uploads|files)/.*(\.|php|js|html|tpl|sh)$ {<br class=""> deny all;<br class="">location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {<br class=""> try_files $uri<br class="">/wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;<br class=""> }<br class="">location / {<br class=""> try_files<br class="">/wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/<br class="">/index.php?$args ;<br class=""> }<br class=""># POST requests and urls with a query string should always go to PHP<br class=""> if ($request_method = POST) {<br class=""> set $cache_uri 'null cache';<br class=""> }<br class=""> if ($query_string != "") {<br class=""> set $cache_uri 'null cache';<br class=""> }<br class=""># Don't cache uris containing the following segments<br class=""> if ($request_uri ~*<br class="">"(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")<br class="">{<br class=""> set $cache_uri 'null cache';<br class=""> }<br class=""># Don't use the cache for logged in users or recent commenters<br class=""> if ($http_cookie ~*<br class="">"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {<br class=""> set $cache_uri 'null cache';<br class=""> }<br class=""> rewrite ^(.*)?/?files/(.*) /wp-content/blogs.php?file=$2;<br class="">if (!-e $request_filename) {<br class=""> rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 break;<br class=""> rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;<br class=""> rewrite ^ /index.php last;<br class=""> }<br class="">rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;<br class="">rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2<br 
class="">last;<br class=""><br class=""><br class=""><br class=""><br class=""> location ~ \.php$ {<br class=""> fastcgi_split_path_info ^(.+\.php)(/.+)$;<br class=""> # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini<br class=""> #<br class=""> # # With php5-cgi alone:<br class=""> # fastcgi_pass 127.0.0.1:9000;<br class=""> # # With php5-fpm:<br class=""> fastcgi_pass unix:/var/run/php5-fpm.sock;<br class=""> fastcgi_index index.php;<br class=""> include fastcgi_params;<br class=""> include fastcgi_params;<br class=""> }<br class="">}<br class=""><br class=""><br class=""><br class=""><br class="">server {<br class=""> listen 443 ;<br class=""> ssl on;<br class=""> server_name <a href="http://xxx.com" class="">xxx.com</a> <a href="http://www.xxx.com" class="">www.xxx.com</a>;<br class=""> root /home/xxx/public_html;<br class=""> ssl_certificate /etc/nginx/certs/server.crt;<br class=""> ssl_certificate_key /etc/nginx/certs/server.key;<br class=""> ssl_client_certificate /etc/nginx/certs/ca.crt;<br class=""> ssl_ciphers RC4:HIGH:!aNULL:!MD5;<br class=""> ssl_prefer_server_ciphers on;<br class=""> ssl_verify_client on;<br class=""># ssl_session_cache shared:SSL:10m;<br class=""># ssl_session_timeout 5m;<br class=""> ssl_verify_depth 1;<br class=""><br class=""><br class="">#location ~* {<br class="">if($ssl_client_verify != SUCCESS) ## NOT WORKS<br class="">{ return 403;<br class="">}<br class="">#}<br class=""> location / {<br class=""> fastcgi_split_path_info ^(.+\.php)(/.+)$;<br class=""><br class=""> fastcgi_pass unix:/var/run/php5-fpm.sock;<br class=""> #fastcgi_param SCRIPT_FILENAME /home/xxx/public_html/wp-login.php;<br class=""> fastcgi_param VERIFIED $ssl_client_verify;<br class=""> fastcgi_param DN $ssl_client_s_dn;<br class=""> include fastcgi_params;<br class=""> }<br class=""><br class=""><br class="">}<br class=""><br class="">sorry for my english.<br class=""><br class="">Posted at Nginx Forum: <a 
href="http://forum.nginx.org/read.php?2,256931,256931#msg-256931" class="">http://forum.nginx.org/read.php?2,256931,256931#msg-256931</a><br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>