reverse proxy with mTLS does not send client certificate to upstream

Aleksandar Lazic al-nginx at none.at
Thu Oct 27 21:59:32 UTC 2022


Hi.

On 27.10.22 13:56, Andrej van der Zee wrote:
> Dear,
> 
> I am trying to set up a TLS auth reverse proxy with proxy_ssl_certificate
> and proxy_ssl_certificate_key like below:
> 
> http {
>    server {
>      listen       8080;
>      resolver     8.8.8.8;
> 
>      location ~ /mimir/(.*)$ {
>        proxy_pass                https://<upstream-domain>/$1;
>        proxy_ssl_certificate_key /etc/nginx/tls-auth/mimir/tls.key;
>        proxy_ssl_certificate     /etc/nginx/tls-auth/mimir/tls.crt;
>      }
>    }
> }
> 
> Somehow the nginx reverse proxy does not send the configured client
> certificate, resulting in the error below from my upstream server:
> 
> <html>
> <head><title>400 No required SSL certificate was sent</title></head>
> <body>
> <center><h1>400 Bad Request</h1></center>
> <center>No required SSL certificate was sent</center>
> <hr><center>nginx</center>
> </body>
> </html>
> 
> What am I missing?

What's in the error log?

You can also try to run nginx in debug mode; then you will see more
information about why the connection attempt does not work.

http://nginx.org/en/docs/debugging_log.html

> Best regards,
> Andrej
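
The debug logging suggested in the reply, applied to the configuration from the question. This is an added example, not part of the original thread; the log file path is an assumed placeholder, and the debug level only takes effect when the nginx binary was built with --with-debug (listed in the output of `nginx -V`).

```nginx
http {
  server {
    listen       8080;
    resolver     8.8.8.8;

    location ~ /mimir/(.*)$ {
      # Debug-level logging for this location only, so the proxied
      # request and its connection to the upstream are traced without
      # flooding the main error log. Path is an assumed placeholder.
      # Debug logs record request headers: keep the file readable by
      # administrators only and remove the directive after troubleshooting.
      error_log /var/log/nginx/mimir-debug.log debug;

      proxy_pass                https://<upstream-domain>/$1;
      proxy_ssl_certificate_key /etc/nginx/tls-auth/mimir/tls.key;
      proxy_ssl_certificate     /etc/nginx/tls-auth/mimir/tls.crt;
    }
  }
}
```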