Nginx的SSL

2018-06-06 23:18:52

我有2个Nginx服务器server1和server2 。 server1需要客户端ssl验证。 server2将所有请求代理到server1

问题是，当我试图直接从服务器1访问我的服务浏览器询问我的客户端证书，它工作正常

但是，从servier2总是给出错误“400错误请求，没有发送必需的SSL证书”

server1的nginx配置是

server {
listen       443;
server_name  server1 ;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
ssl_verify_client on;
ssl_verify_depth 1;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;

location / {
    proxy_pass https://some-service;
}
}

server2的nginx配置是

server {
listen       443  default_server;
server_name  server2;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
location / {
    proxy_pass https://server1;
}
}

目前，这在nginx中不被支持。但是有senginx [1]，它的代理模块被扩展为支持与原始服务器的客户端证书握手。

[1] http://www.senginx.org/en/index.php/Proxy_HTTPS_Client_Certificate

链接地址: http://www.djcxy.com/p/21469.html

上一篇: Nginx ssl

下一篇: How to disable a Combobox in Tkinter?