Need client cert common name as user

I’m in the process of converting from lighttpd to nginx, but I’m not
finding an equivalent of the lighttpd directive:

ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"

This sets the REMOTE_USER environment variable for the backend FastCGI
process, and logs the common name into the access log.

Is it possible to do this in nginx?

Thanks,

Fred

Posted at Nginx Forum:

Hello!

On Tue, Sep 20, 2011 at 06:39:08PM -0400, sailorfred wrote:

> I’m in the process of converting from lighttpd to nginx, but I’m not
> finding an equivalent of the lighttpd directive:
>
> ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
>
> This sets the REMOTE_USER environment variable for the backend FastCGI
> process, and logs the common name into the access log.
>
> Is it possible to do this in nginx?

There is no direct replacement. If you are ok with full cert subject
DN as a user name, use something like this:

  fastcgi_pass ...
  fastcgi_param REMOTE_USER $ssl_client_s_dn;
  ...

Extracting only CN should be possible with “if” directive, though
will require writing some regexp to parse CN from DN. (And please
make sure to read “If is Evil… when used in location context” as “if” may cause
problems by itself if used in location context.)

Maxim D.

On Wed, Sep 21, 2011 at 03:05:26AM +0400, Maxim D. wrote:

> > process, and logs the common name into the access log.
>
> Extracting only CN should be possible with “if” directive, though
> will require writing some regexp to parse CN from DN. (And please
> make sure to read “If is Evil… when used in location context” as “if” may cause
> problems by itself if used in location context.)

The “map” directive with regex can be used instead of “if”,
something like this:

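  # "map" must be declared at the http level, outside any server block.
  # $ssl_client_s_dn_cn is empty when the DN contains no /CN= component.
  map  $ssl_client_s_dn  $ssl_client_s_dn_cn {
       default           "";
       ~/CN=(?<CN>[^/]+) $CN;
  }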


Igor S.
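
The two replies combined, as an added example that is not part of the thread: a minimal configuration that passes the certificate CN to the FastCGI backend as REMOTE_USER and writes it to the access log. The certificate paths, server name, backend address, log path and the `client_cn` format name are placeholders; the `map` assumes the slash-separated DN that `$ssl_client_s_dn` held when this thread was written (nginx 1.11.6 and later put an RFC 2253 comma-separated DN there and keep the old form in `$ssl_client_s_dn_legacy`).

```nginx
# Added example; every path, name and address below is a placeholder.
events {}

http {
    # Extract the CN from a legacy-format DN such as "/C=US/O=Example/CN=alice".
    # A DN without a /CN= component maps to the empty string.
    map $ssl_client_s_dn $ssl_client_s_dn_cn {
        default            "";
        ~/CN=(?<CN>[^/]+)  $CN;
    }

    # Combined-style log line with the certificate CN in the user field.
    log_format client_cn '$remote_addr - $ssl_client_s_dn_cn [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_referer" "$http_user_agent"';

    server {
        listen      443 ssl;
        server_name example.test;

        ssl_certificate         /etc/nginx/tls/server.crt;
        ssl_certificate_key     /etc/nginx/tls/server.key;

        # CA that issues the client certificates. With "on", requests
        # without a verified client certificate are refused by nginx,
        # so the backend only sees a CN from a certificate this CA signed.
        ssl_client_certificate  /etc/nginx/tls/client-ca.crt;
        ssl_verify_client       on;

        access_log /var/log/nginx/access.log client_cn;

        location / {
            include        fastcgi_params;
            # Set after the include so this value is the one defined here.
            fastcgi_param  REMOTE_USER  $ssl_client_s_dn_cn;
            fastcgi_pass   127.0.0.1:9000;
        }
    }
}
```

Because an unmatched DN yields an empty REMOTE_USER rather than an error, the backend should treat an empty value as unauthenticated.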