Hello,
I am attempting to use ca.mydomain.com with client certificate auth as a
springboard for other sites on the same server. I am using client certs
with
my iphone (and other browsers) to skip the password auth and be more
secure.
The first two proxy_pass statements work fine (sickbeard and
couchpotato)
but the next (munin) gives the error 400 Bad Request No required SSL
certificate was sent. If I put the address
(https://tools.mydomain.com/munin) in my address bar it works fine? I
don’t
understand why it is requesting the client cert for the subdomain that
doesn’t use client auth. The tools.mydomain.com uses basic auth.
Secondly I want to access the tools.mydomain.com from ca.mydomain.com
and
not be prompted for the basic auth password. So I want to include the
authorization in the proxying.
Any help you all can provide would be great. I hope I explained my issue
well enough!
server {
listen my.ip.address:80;
server_name ca.mydomain.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen my.ip.address:443 ssl spdy;
ssl_certificate /etc/ssl/certs/my.pem;
ssl_certificate_key /etc/ssl/private/my.key;
root /var/www/ca.thefamilygarrison;
index index.php index.html index.htm;
server_name ca.mydomain.com;
pagespeed off;
ssl_client_certificate /etc/nginx/clientauth/ca.crt;
ssl_verify_client on;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location /sickbeard {
proxy_pass http://my.ip.address:65007/sickbeard;
}
location /couchpotato {
proxy_pass http://my.ip.address:65005/couchpotato;
}
location /munin {
proxy_pass https://tools.mydomain.com/munin;
}
}
Posted at Nginx Forum: