7
我有2个Nginx服务器server1和server2。 server1需要客户端ssl验证。 服务器2代理的所有请求到Server1Nginx ssl_verify_client和proxy_pass
的问题是当我试图直接从Server1上的浏览器访问我的服务要求我的客户端证书,它工作正常
但从servier2它总是给错误“400错误的请求不需要SSL证书被送到”
server1的nginx的配置是
server {
listen 443;
server_name server1 ;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
ssl_verify_client on;
ssl_verify_depth 1;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location/{
proxy_pass https://some-service;
}
}
Server2上nginx的配置是
server {
listen 443 default_server;
server_name server2;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
location/{
proxy_pass https://server1;
}
}
这个问题似乎是题外话,因为它不是关于节目。请参阅帮助中心内的[我可以询问哪些主题](https://stackoverflow.com/help/on-topic)。也许[服务器故障](http://serverfault.com/)或[Webmaster Stack Exchange](http://webmasters.stackexchange.com/)会是一个更好的地方。 – jww