Proxy_Pass to another vhost on same machine
Maxim Dounin
mdounin at mdounin.ru
Tue Jun 10 12:03:48 UTC 2014
Hello!
On Mon, Jun 09, 2014 at 01:53:11PM -0400, paulg1981 wrote:
> Hello,
> I am attempting to use ca.mydomain.com with client certificate auth as a
> springboard for other sites on the same server. I am using client certs with
> my iphone (and other browsers) to skip the password auth and be more secure.
> The first two proxy_pass statements work fine (sickbeard and couchpotato)
> but the next (munin) gives the error 400 Bad Request No required SSL
> certificate was sent. If I put the address
> (https://tools.mydomain.com/munin) in my address bar it works fine? I don't
> understand why it is requesting the client cert for the subdomain that
> doesn't use client auth. The tools.mydomain.com uses basic auth.
In no particular order:
- Make sure that "s" in the "https://tools..." isn't a typo and
you actually mean to use encrypted connection between nginx and
this backend.
- Make sure the "tools.mydomain.com" https backend actually don't
have client cert auth switched on. In particular, make sure
it's either uses separate ip:port, or you've enabled SNI in
nginx proxy (http://nginx.org/r/proxy_ssl_server_name).
> Secondly I want to access the tools.mydomain.com from ca.mydomain.com and
> not be prompted for the basic auth password. So I want to include the
> authorization in the proxying.
Instead of providing a password, you may consider configuring
access from a fixed set of ip addresses, using the access module
and "satisfy any", see http://nginx.org/r/satisfy for an example.
If you want nginx to send a password, you may do so by adding
the Authorization header with proxy_set_header, see
http://nginx.org/r/proxy_set_header and
http://tools.ietf.org/html/rfc2617#section-2.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list