我有2台Nginx服务器 server1 和 server2 。 server1 需要客户端ssl验证。 server2 代理对server1的所有请求
问题是当我尝试直接从server1访问我的服务时,浏览器会询问我的客户端证书并且工作正常
但是从servier2它总是会出错" 400 Bad Request。没有发送所需的SSL证书"
server1 nginx config是
server {
listen 443;
server_name server1 ;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
ssl_verify_client on;
ssl_verify_depth 1;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://some-service;
}
}
server2 nginx config是
server {
listen 443 default_server;
server_name server2;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
location / {
proxy_pass https://server1;
}
}
答案 0 :(得分:3)
目前,nginx不支持。但是有senginx [1],它的代理模块被扩展为支持与原始服务器的客户端证书握手。
[1] http://www.senginx.org/en/index.php/Proxy_HTTPS_Client_Certificate