access SSL only with key p12 $ssl_client_verify not works
unreal34
nginx-forum at nginx.us
Thu Feb 26 11:14:18 UTC 2015
I'm trying to make access SSL only with key p12
you don't have key = access denied
Restarting nginx: nginx: [emerg] unknown directive "if($ssl_client_verify"
in /etc/nginx/sites-enabled/default:144
nginx: configuration file /etc/nginx/nginx.conf test failed
what I'm doing wrong ?
server {
listen 80; ## listen for ipv4; this line is default and implied
root /home/xxx/public_html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name xxx.com www.xxx.com;
set $cache_uri $request_uri;
# Make sure files with the following extensions do not get loaded by
nginx because nginx would display the source code, and these files can
contain PASSWORDS!
location ~*
\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
return 444;
}
#passwd
location /wp-admin/ {
auth_basic "Admin area password";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /wp-login.php {
auth_basic "Admin area password";
auth_basic_user_file /etc/nginx/htpasswd;
}
#nocgi
location ~* \.(pl|cgi|py|sh|lua)\$ {
return 444;
}
location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }
location ~* /(?:|uploads|files)/.*(\.|php|js|html|tpl|sh)$ {
deny all;
location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
try_files $uri
/wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location / {
try_files
/wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/
/index.php?$args ;
}
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache uris containing the following segments
if ($request_uri ~*
"(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")
{
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~*
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
set $cache_uri 'null cache';
}
rewrite ^(.*)?/?files/(.*) /wp-content/blogs.php?file=$2;
if (!-e $request_filename) {
rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 break;
rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
rewrite ^ /index.php last;
}
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2
last;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
include fastcgi_params;
}
}
server {
listen 443 ;
ssl on;
server_name xxx.com www.xxx.com;
root /home/xxx/public_html;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_client_certificate /etc/nginx/certs/ca.crt;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_verify_client on;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 5m;
ssl_verify_depth 1;
#location ~* {
if($ssl_client_verify != SUCCESS) ## NOT WORKS
{ return 403;
}
#}
location / {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_param SCRIPT_FILENAME /home/xxx/public_html/wp-login.php;
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include fastcgi_params;
}
}
sorry for my english.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256931,256931#msg-256931
More information about the nginx
mailing list