Access SSL only with key p12 $ssl_client_verify not works

I’m trying to allow SSL access only with a p12 key:
if you don’t have the key = access denied

Restarting nginx: nginx: [emerg] unknown directive
in /etc/nginx/sites-enabled/default:144
nginx: configuration file /etc/nginx/nginx.conf test failed

What am I doing wrong?

server {
listen 80; ## listen for ipv4; this line is default and

    root /home/xxx/public_html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/

    set $cache_uri $request_uri;

    # Make sure files with the following extensions do not get 

loaded by
nginx because nginx would display the source code, and these files can
contain PASSWORDS!
location ~*
return 444;
location /wp-admin/ {
auth_basic "Admin area password";
auth_basic_user_file /etc/nginx/htpasswd;
location /wp-login.php {
auth_basic "Admin area password";
auth_basic_user_file /etc/nginx/htpasswd;

location ~* .(pl|cgi|py|sh|lua)$ {
return 444;

location ~ /(.|wp-config.php|readme.html|license.txt) { deny all; }

location ~* /(?:|uploads|files)/.(.|php|js|html|tpl|sh)$ {
deny all;
location ~ ^/wp-content/cache/minify/[^/]+/(.
)$ {
try_files $uri
location / {
/wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri
/index.php?$args ;

POST requests and urls with a query string should always go to PHP

    if ($request_method = POST) {
            set $cache_uri 'null cache';
    if ($query_string != "") {
            set $cache_uri 'null cache';

Don’t cache uris containing the following segments

    if ($request_uri ~*

set $cache_uri 'null cache';

Don’t use the cache for logged in users or recent commenters

    if ($http_cookie ~*

"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
set $cache_uri 'null cache';
rewrite ^(.)?/?files/(.) /wp-content/blogs.php?file=$2;
if (!-e $request_filename) {
rewrite ^([_0-9a-zA-Z-]+)?(/wp-.) $2 break;
rewrite ^([_0-9a-zA-Z-]+)?(/.
.php)$ $2 last;
rewrite ^ /index.php last;
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$

    location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in 

# # With php5-cgi alone:
# fastcgi_pass;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
include fastcgi_params;

server {
listen 443 ;
ssl on;
root /home/xxx/public_html;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_client_certificate /etc/nginx/certs/ca.crt;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_verify_client on;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 5m;

ssl_verify_depth 1;

#location ~* {
if($ssl_client_verify != SUCCESS) ## NOT WORKS
{ return 403;
location / {
fastcgi_split_path_info ^(.+\.php)(/.+)$;

    fastcgi_pass unix:/var/run/php5-fpm.sock;
   #fastcgi_param  SCRIPT_FILENAME 

fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include fastcgi_params;


Sorry for my English.

Posted at Nginx Forum:,256931,256931#msg-256931

You should place a whitespace between if and opening bracket
+if ($ssl_client_verify

Dmitry Pryadko

Thanks, it works,
but it does not return 403.

https:// works

I want this :

https:// must return 403

p12 + https:// return 200 OK

Posted at Nginx Forum:,256931,256934#msg-256934
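
The behaviour asked for in the last post (403 without a client certificate, 200 with one), as an added example that is not part of the thread or any poster's configuration. It reuses the paths from the original post and swaps `ssl_verify_client on` for `optional`; the `index`, `try_files` and `SCRIPT_FILENAME` lines are assumptions.

```nginx
server {
    listen 443 ssl;                 # replaces the older "ssl on;" form
    root /home/xxx/public_html;
    index index.php index.html index.htm;   # assumed, copied from the port 80 block

    ssl_certificate         /etc/nginx/certs/server.crt;
    ssl_certificate_key     /etc/nginx/certs/server.key;
    # CA that issued the client certificate packed inside the .p12
    ssl_client_certificate  /etc/nginx/certs/ca.crt;
    ssl_verify_depth        1;
    # The RC4 entry from the original ssl_ciphers line is left out:
    # RFC 7465 prohibits RC4 cipher suites in TLS.

    # With "on", nginx itself rejects a request that has no valid client
    # certificate (internal codes 495/496, sent to the client as 400)
    # before any "if" in this block is evaluated, so "return 403" is
    # never what answers. "optional" requests a certificate without
    # requiring one and records the outcome in $ssl_client_verify:
    # NONE, SUCCESS, or FAILED (FAILED:reason since nginx 1.11.7).
    ssl_verify_client optional;

    # Space after "if" is required; "if(" is read as an unknown directive.
    # Placed at server level so it covers every location below.
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;   # assumed front-controller rule
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;  # assumed
        # Pass the verification result and subject DN to PHP, as in the post
        fastcgi_param VERIFIED $ssl_client_verify;
        fastcgi_param DN $ssl_client_s_dn;
    }
}
```

Keeping `ssl_verify_client on` and mapping nginx's own rejections with `error_page 495 496 =403 /403.html;` (the page path is a placeholder) gives the same status code without relying on `if`.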
