Hello!

On Tue, Apr 28, 2015 at 05:17:32PM -0400, lieut_data wrote:

> I was excited to see proxy_ssl_certificate and friends land in Nginx 1.7.8,
> and decided to revisit Nginx as a candidate for proxy caching an upstream
> server requiring client authentication. I've included the debugging
> configuration I've been playing around with at the end of this post.
>
> This particular upstream server does not trigger client authentication for
> all endpoints. For example, I can issue
>
> -----
> http http://NGINX_PROXY_IP/test/path Host:UPSTREAM_SERVER
> -----
>
> and get back the proxied response without error. However, for endpoints that
> require client authentication (triggered by the server after it examines the
> request path), nginx never gets a response. I've verified that the upstream
> server is working as expected using both wget:

What nginx doesn't support (or, rather, explicitly forbids) is
renegotiation. On the other hand, renegotiation is required if
one needs to ask for a client certificate only for some URIs, so
it's likely used in your case.

You should see something like "SSL renegotiation disabled" in
logs at notice level.

--
Maxim Dounin
http://nginx.org/
