I'm trying to make access SSL only with key p12
you don't have key = access denied


Restarting nginx: nginx: [emerg] unknown directive "if($ssl_client_verify" in /etc/nginx/sites-enabled/default:144
nginx: configuration file /etc/nginx/nginx.conf test failed


what I'm doing wrong ?


server {
listen 80; ## listen for ipv4; this line is default and implied

root /home/xxx/public_html;
index index.php index.html index.htm;

# Make site accessible from http://localhost/
server_name xxx.com www.xxx.com;

set $cache_uri $request_uri;

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
return 444;
}
#passwd
location /wp-admin/ {
auth_basic "Admin area password";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /wp-login.php {
auth_basic "Admin area password";
auth_basic_user_file /etc/nginx/htpasswd;
}

#nocgi
location ~* \.(pl|cgi|py|sh|lua)\$ {
return 444;
}

location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }

location ~* /(?:|uploads|files)/.*(\.|php|js|html|tpl|sh)$ {
deny all;
location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location / {
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args ;
}
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
set $cache_uri 'null cache';
}
rewrite ^(.*)?/?files/(.*) /wp-content/blogs.php?file=$2;
if (!-e $request_filename) {
rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 break;
rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
rewrite ^ /index.php last;
}
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;




location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
include fastcgi_params;
}
}




server {
listen 443 ;
ssl on;
server_name xxx.com www.xxx.com;
root /home/xxx/public_html;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_client_certificate /etc/nginx/certs/ca.crt;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_verify_client on;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 5m;
ssl_verify_depth 1;


#location ~* {
if($ssl_client_verify != SUCCESS) ## NOT WORKS
{ return 403;
}
#}
location / {
fastcgi_split_path_info ^(.+\.php)(/.+)$;

fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_param SCRIPT_FILENAME /home/xxx/public_html/wp-login.php;
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include fastcgi_params;
}


}

sorry for my english.