access SSL only with key p12 $ssl_client_verify not works

Dmitry Pryadko dp at nginx.com
Thu Feb 26 11:44:22 UTC 2015


You should place a whitespace between if and opening bracket
-if($ssl_client_verify
+if ($ssl_client_verify
--
br,
Dmitry Pryadko




> 26 февр. 2015 г., в 14:14, unreal34 <nginx-forum at nginx.us> написал(а):
> 
> I'm trying to make access SSL only with  key   p12 
> you don't have key   = access denied
> 
> 
> Restarting nginx: nginx: [emerg] unknown directive "if($ssl_client_verify"
> in /etc/nginx/sites-enabled/default:144
> nginx: configuration file /etc/nginx/nginx.conf test failed
> 
> 
> what I'm doing wrong ?
> 
> 
> server {
>        listen   80; ## listen for ipv4; this line is default and implied
> 
>        root /home/xxx/public_html;
>        index index.php index.html index.htm;
> 
>        # Make site accessible from http://localhost/
>        server_name xxx.com www.xxx.com;
> 
>        set $cache_uri $request_uri;
> 
>        # Make sure files with the following extensions do not get loaded by
> nginx because nginx would display the source code, and these files can
> contain PASSWORDS!
>        location ~*
> \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
>        {
>                return 444;
>        }
>        #passwd
>        location  /wp-admin/  {
>        auth_basic            "Admin area password";
>        auth_basic_user_file  /etc/nginx/htpasswd;
>        }
>        location  /wp-login.php  {
>          auth_basic            "Admin area password";
>         auth_basic_user_file  /etc/nginx/htpasswd;
>         }
> 
> #nocgi
> location ~* \.(pl|cgi|py|sh|lua)\$ {
>       return 444;
> }
> 
> location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }
> 
> location ~* /(?:|uploads|files)/.*(\.|php|js|html|tpl|sh)$ {
>       deny all;
> location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
>                try_files $uri
> /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
>        }
> location / {
>                try_files
> /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/
> /index.php?$args ;
>        }
> # POST requests and urls with a query string should always go to PHP
>        if ($request_method = POST) {
>                set $cache_uri 'null cache';
>        }
>        if ($query_string != "") {
>                set $cache_uri 'null cache';
>        }
> # Don't cache uris containing the following segments
>        if ($request_uri ~*
> "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")
> {
>                set $cache_uri 'null cache';
>        }
> # Don't use the cache for logged in users or recent commenters
>        if ($http_cookie ~*
> "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
>                set $cache_uri 'null cache';
>        }
>        rewrite ^(.*)?/?files/(.*) /wp-content/blogs.php?file=$2;
> if (!-e $request_filename) {
>              rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2  break;
>              rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
>              rewrite ^ /index.php last;
>          }
> rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
> rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2
> last;
> 
> 
> 
> 
>        location ~ \.php$ {
>                fastcgi_split_path_info ^(.+\.php)(/.+)$;
>        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
>        #
>        #       # With php5-cgi alone:
>        #       fastcgi_pass 127.0.0.1:9000;
>        #       # With php5-fpm:
>                fastcgi_pass unix:/var/run/php5-fpm.sock;
>                fastcgi_index index.php;
>                include fastcgi_params;
>                include fastcgi_params;
>        }
> }
> 
> 
> 
> 
> server {
>    listen        443 ;
>    ssl on;
>    server_name xxx.com www.xxx.com;
>     root           /home/xxx/public_html;
>    ssl_certificate      /etc/nginx/certs/server.crt;
>    ssl_certificate_key  /etc/nginx/certs/server.key;
>    ssl_client_certificate /etc/nginx/certs/ca.crt;
>    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
>    ssl_prefer_server_ciphers on;
>    ssl_verify_client  on;
> #    ssl_session_cache       shared:SSL:10m;
> #    ssl_session_timeout     5m;
>    ssl_verify_depth 1;
> 
> 
> #location  ~* {
> if($ssl_client_verify != SUCCESS)  ## NOT WORKS
> { return 403;
> }
> #}
>    location / {
>         fastcgi_split_path_info ^(.+\.php)(/.+)$;
> 
>        fastcgi_pass unix:/var/run/php5-fpm.sock;
>       #fastcgi_param  SCRIPT_FILENAME /home/xxx/public_html/wp-login.php;
>        fastcgi_param  VERIFIED $ssl_client_verify;
>        fastcgi_param  DN $ssl_client_s_dn;
>        include        fastcgi_params;
>    }
> 
> 
> }
> 
> sorry for my english.
> 
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256931,256931#msg-256931
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150226/1b8c1013/attachment.html>


More information about the nginx mailing list