Hello,
I am attempting to use ca.mydomain.com with client certificate auth as a springboard for other sites on the same server. I am using client certs with my iphone (and other browsers) to skip the password auth and be more secure. The first two proxy_pass statements work fine (sickbeard and couchpotato) but the next (munin) gives the error 400 Bad Request No required SSL certificate was sent. If I put the address (https://tools.mydomain.com/munin) in my address bar it works fine? I don't understand why it is requesting the client cert for the subdomain that doesn't use client auth. The tools.mydomain.com uses basic auth.

Secondly I want to access the tools.mydomain.com from ca.mydomain.com and not be prompted for the basic auth password. So I want to include the authorization in the proxying.

Any help you all can provide would be great. I hope I explained my issue well enough!


server {
listen my.ip.address:80;
server_name ca.mydomain.com;
rewrite ^ https://$server_name$request_uri? permanent;
}

server {
listen my.ip.address:443 ssl spdy;
ssl_certificate /etc/ssl/certs/my.pem;
ssl_certificate_key /etc/ssl/private/my.key;
root /var/www/ca.thefamilygarrison;
index index.php index.html index.htm;
server_name ca.mydomain.com;
pagespeed off;

ssl_client_certificate /etc/nginx/clientauth/ca.crt;
ssl_verify_client on;

location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

location /sickbeard {
proxy_pass http://my.ip.address:65007/sickbeard;
}

location /couchpotato {
proxy_pass http://my.ip.address:65005/couchpotato;
}

location /munin {
proxy_pass https://tools.mydomain.com/munin;
}
}