Welcome! Log In Create A New Profile


How to implement +FakeBasicAuth on nginx

Posted by gmusliaj 
How to implement +FakeBasicAuth on nginx
September 24, 2017 11:44AM
Hi All,

lately I have switched from apache to nginx and I am having some troubles configuring basic authentication with client ssl certificates. In my apache configuration I have:

<Location /mylocation>
AuthType Basic
AuthName "Client Certificate Required"
AuthUserFile /path/to/user/file
SSLCACertificateFile "/path/to/ca"
Require valid-user
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth

and I want to configure the same using nginx but no success. Below is the configuration I am using on nginx:

server {
listen *:443 ssl;
ssl on;
ssl_certificate /path/to.crt;
ssl_certificate_key /path/to.key;
ssl_client_certificate /path/to.pem;
ssl_verify_client optional;
ssl_verify_depth 5;

##kept out other configuration as its non-relevant

location /mylocation {
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include /etc/nginx/fastcgi_params;
if ($ssl_client_verify != SUCCESS) {
return 403;
##kept out other configuration as its non-relevant

I am calling /mylocation using PAW (REST Client) and have provided the client certificate accordingly but keep getting always HTTP 403

The site is configured ok, and if I remove the check I get the response as expected.

Any response is much appreciated.

nginx/1.10.3 (Ubuntu)
PHP 5.6 with FPM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 167
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready