Nginx reverse proxy: with/without client cert on different path/location (same host/FQDN)

Hello nginx list,

Running version 0.8.54-4 9 (Ubuntu 11.04).

I tried to configure nginx as a reverse proxy, with the wish to have client cert
authentication on a specific URL path, but I failed.

The wish is to have:
https://hostA/pathA → no client cert → upstreamA
https://hostA/pathB → client cert required → upstreamB

I tried to configure nginx in one server definition with multiple locations,
with “ssl_client_certificate off;” in one location and
“ssl_client_certificate on;” in the other location, but got an error:
011/08/05 07:54:56 [emerg] 5376#0: “ssl_client_certificate” directive is not allowed here in …(file/line number)

Another way I tried is to have 2 identical server definitions, except for
the location and ssl_client_certificate on/off; but then I got the
(more or less expected) error twice:
2011/08/05 07:58:43 [warn] 5392#0: conflicting server name “” on :443, ignored

My question: is what I’m trying to configure possible?

Another question, related to this: I’d like to give the email from the
client certificate to the backend (in an HTTP header variable), but found
one way close to what I want, and that is to give the complete certificate
($ssl_client_cert) to upstream, but that way eats much of the 4000 bytes
max HTTP header space…
Is there a way to set just the email from the client cert?

Thanks in advance,


Arjan Filius
mailto:[email protected]
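
One way to configure what the post above describes, as an added example that is not part of the original message: request the client certificate optionally for the whole server, enforce it only under /pathB, and forward just the e-mail address taken from the subject DN. The host name, upstream names (assumed to be defined `upstream` blocks), file paths and the `X-Client-Email` header name are placeholders, and the regex `map` needs a newer nginx than the 0.8.54 mentioned in the post.

```nginx
# Added example. hostA, upstreamA/upstreamB, the file paths and the
# X-Client-Email header name are placeholders, not values from the post.

# Extract emailAddress from the subject DN. The pattern stops at "/" or ","
# so it matches both the slash-separated and the comma-separated DN rendering.
map $ssl_client_s_dn $client_email {
    default "";
    "~emailAddress=(?<addr>[^,/]+)" $addr;
}

server {
    listen 443 ssl;
    server_name hostA;

    ssl_certificate        /etc/nginx/tls/hostA.crt;
    ssl_certificate_key    /etc/nginx/tls/hostA.key;

    # ssl_client_certificate takes a CA bundle file, not on/off, and like
    # ssl_verify_client it is only valid at http/server level, not in a location.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;

    # Ask for a certificate in the handshake, but complete it without one.
    ssl_verify_client optional;

    location /pathA {
        # No certificate required here. Clear the header so a value sent
        # by the client never reaches the backend.
        proxy_set_header X-Client-Email "";
        proxy_pass http://upstreamA;
    }

    location /pathB {
        # SUCCESS only for a certificate that chains to client-ca.crt;
        # NONE means no certificate was sent, FAILED means it was rejected.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # Forward only the e-mail address instead of the whole $ssl_client_cert.
        proxy_set_header X-Client-Email $client_email;
        proxy_pass http://upstreamB;
    }
}
```

The backend should accept `X-Client-Email` only from the proxy, since the header carries no proof of its own once it leaves nginx.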