Nginx with Client Certificate


NGINX with Client Certificates

root@debian:/etc/nginx/sites-available#
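# Plain-HTTP virtual host for host198.planet.
#
# This block must not serve the document root itself: the client-certificate
# check exists only in the 443 server block, so anything served from here is
# readable without presenting a certificate. Every request is redirected to
# HTTPS instead.
server {
  listen 80;
  listen [::]:80;

  server_name host198.planet;

  access_log /var/log/nginx/host198.planet;

  location / {
    # Fixed host name rather than $host, so the redirect target does not
    # depend on the Host header sent by the client.
    return 301 https://host198.planet$request_uri;
  }
}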

server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name host198.planet;
  root /var/www/host198.planet;

  ssl_certificate /etc/ssl/private/fullchain.crt;
  ssl_certificate_key /etc/ssl/private/host198.planet.key;

  ssl_protocols TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;

  ssl_client_certificate /etc/ssl/private/ca.crt;
  ssl_verify_client optional;

  access_log /var/log/nginx/host198.planet;
        index index.html;

        #location / {
        #        try_files $uri $uri/ =404;
        #}
        location / {
          # if the client-side certificate failed to authenticate, show a 403
          # message to the client
          if ($ssl_client_verify != SUCCESS) {
            return 403;
          }
        }
}

sha256: 6454587fc628236428eb30a0e339622101504317747dd2c3d816908388c19b7f