access SSL only with key p12 $ssl_client_verify not works
Dmitry Pryadko
dp at nginx.com
Thu Feb 26 11:44:22 UTC 2015
You should place a whitespace between if and opening bracket
-if($ssl_client_verify
+if ($ssl_client_verify
--
br,
Dmitry Pryadko
> 26 февр. 2015 г., в 14:14, unreal34 <nginx-forum at nginx.us> написал(а):
>
> I'm trying to make access SSL only with key p12
> you don't have key = access denied
>
>
> Restarting nginx: nginx: [emerg] unknown directive "if($ssl_client_verify"
> in /etc/nginx/sites-enabled/default:144
> nginx: configuration file /etc/nginx/nginx.conf test failed
>
>
> what I'm doing wrong ?
>
>
> server {
> listen 80; ## listen for ipv4; this line is default and implied
>
> root /home/xxx/public_html;
> index index.php index.html index.htm;
>
> # Make site accessible from http://localhost/
> server_name xxx.com www.xxx.com;
>
> set $cache_uri $request_uri;
>
> # Make sure files with the following extensions do not get loaded by
> nginx because nginx would display the source code, and these files can
> contain PASSWORDS!
> location ~*
> \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
> {
> return 444;
> }
> #passwd
> location /wp-admin/ {
> auth_basic "Admin area password";
> auth_basic_user_file /etc/nginx/htpasswd;
> }
> location /wp-login.php {
> auth_basic "Admin area password";
> auth_basic_user_file /etc/nginx/htpasswd;
> }
>
> #nocgi
> location ~* \.(pl|cgi|py|sh|lua)\$ {
> return 444;
> }
>
> location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }
>
> location ~* /(?:|uploads|files)/.*(\.|php|js|html|tpl|sh)$ {
> deny all;
> location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
> try_files $uri
> /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
> }
> location / {
> try_files
> /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/
> /index.php?$args ;
> }
> # POST requests and urls with a query string should always go to PHP
> if ($request_method = POST) {
> set $cache_uri 'null cache';
> }
> if ($query_string != "") {
> set $cache_uri 'null cache';
> }
> # Don't cache uris containing the following segments
> if ($request_uri ~*
> "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")
> {
> set $cache_uri 'null cache';
> }
> # Don't use the cache for logged in users or recent commenters
> if ($http_cookie ~*
> "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
> set $cache_uri 'null cache';
> }
> rewrite ^(.*)?/?files/(.*) /wp-content/blogs.php?file=$2;
> if (!-e $request_filename) {
> rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 break;
> rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
> rewrite ^ /index.php last;
> }
> rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
> rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2
> last;
>
>
>
>
> location ~ \.php$ {
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
> #
> # # With php5-cgi alone:
> # fastcgi_pass 127.0.0.1:9000;
> # # With php5-fpm:
> fastcgi_pass unix:/var/run/php5-fpm.sock;
> fastcgi_index index.php;
> include fastcgi_params;
> include fastcgi_params;
> }
> }
>
>
>
>
> server {
> listen 443 ;
> ssl on;
> server_name xxx.com www.xxx.com;
> root /home/xxx/public_html;
> ssl_certificate /etc/nginx/certs/server.crt;
> ssl_certificate_key /etc/nginx/certs/server.key;
> ssl_client_certificate /etc/nginx/certs/ca.crt;
> ssl_ciphers RC4:HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
> ssl_verify_client on;
> # ssl_session_cache shared:SSL:10m;
> # ssl_session_timeout 5m;
> ssl_verify_depth 1;
>
>
> #location ~* {
> if($ssl_client_verify != SUCCESS) ## NOT WORKS
> { return 403;
> }
> #}
> location / {
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
>
> fastcgi_pass unix:/var/run/php5-fpm.sock;
> #fastcgi_param SCRIPT_FILENAME /home/xxx/public_html/wp-login.php;
> fastcgi_param VERIFIED $ssl_client_verify;
> fastcgi_param DN $ssl_client_s_dn;
> include fastcgi_params;
> }
>
>
> }
>
> sorry for my english.
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256931,256931#msg-256931
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150226/1b8c1013/attachment.html>
More information about the nginx
mailing list