N00b - confused ssl

Reinis Rozitis r at roze.lv
Wed Apr 26 01:13:42 UTC 2017

> so if I put both of these in one server block so that the incoming is de-crypted and the outgoing is decrypted. Do I put both the server and client certs in the same server block ?

Depends on what setup/requirements you actually have:

- If your backend server requires authentication then you have to provide a client certificate via proxy_ssl_certificate (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_certificate ).

- If your clients need to authenticate versus your nginx proxy then you use ssl_verify_client / ssl_trusted_certificate ( http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client ).

- If your backend requires passing through the user certificates it's a bit tricky as depending on backend it might or might not work https://trac.nginx.org/nginx/ticket/857 


More information about the nginx mailing list