Welcome! Log In Create A New Profile


Forwarding a self-signed client certificate to backend

Posted by lemonadex 
Forwarding a self-signed client certificate to backend
October 05, 2018 09:03AM
Hello everybody.
Help a newbie, please.
We have backend application web-server with authorization with login/pass + self-signed client certificate.
What parameters need to be specified so that the installed client certificate is forwarded to backend application server?
My config:

server {
listen 80;
server_name cab.site.com;
return 301 https://cab.site.com$uri$is_args$args;
server {
listen 443 ssl;
server_name cab.site.com;
ssl_certificate /etc/nginx/ssl/public.pem;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_session_timeout 5m;
ssl_verify_client optional;
ssl_client_certificate /etc/nginx/ssl/self-ca.pem;
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $remote_addr;
real_ip_header X-Real-IP;
real_ip_recursive on;

location / {
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_http_version 1.1;
error_log /var/log/nginx/cab-error.log;
access_log /var/log/nginx/cab-access.log;
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready