Hey guys,
I am totally new to Nginx, I need some advice with my reverse proxy
setup.
This is what i am trying to set up. Client(commit a client
cert)<========>| Nginx (reverse proxy with ssl)|<========>Tomcat (with
SSL and clientAuth=true)
Follow is my nginx.conf,but it don’t work.The messge from nginx logs:
2010/04/01 15:18:53 23771#0: *51 SSL_do_handshake() failed (SSL:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate)
while SSL handshaking to upstream, client: 192.168.2.225, server:
localhost, request: “GET /prepayms/ HTTP/1.1”, upstream:
“https://192.168.2.33:18444/prepayms/”, host: “192.168.2.48:48443”
nginx.conf:
upstream backssl{
server 192.168.2.33:18444;
}# HTTPS server
server {
listen 48443 default ssl;
server_name localhost;
ssl on;
ssl_client_certificate /home/newprepay/ca/ca-cert.pem;
ssl_certificate /home/newprepay/server/server-cert.pem;
ssl_certificate_key /home/newprepay/server/server.key;
ssl_session_timeout 5m;
ssl_verify_client on;
ssl_verify_depth 12;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 SSLv2 SSLv3;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSlv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://backssl;
My questions are
Can I have an SSL from Client to Nginx and another between Nginx and
Tomcat ,nginx verify the client certificate,and also transfer the
client certificate to tomcat,tomcat also verify the client
certificate.
if nginx can do this,how to setup.Can someboby give me an correct
nginx.conf for this?
Thank You,
kaiyuan
Posted at Nginx Forum: