On Wed, Feb 03, 2016 at 09:37:25AM +0100, Aleksandar Lazic wrote:
> Am 02-02-2016 23:22, schrieb Alex Samad:

Hi there,

> Cool it would be nice if you can tell us if it's works and how was
> your solution ;-)

I think that "location" does not take variables, and so this will
not work.

More below.

> >On 2 February 2016 at 20:56, Aleksandar Lazic <al-nginx@none.at> wrote:
> >>Am 02-02-2016 04:32, schrieb Alex Samad:

> >>>Is it possible with nginx to do this
> >>>
> >>>https://www.abc.com
> >>>/
> >>>/noclientcert/
> >>>/clientcert/
> >>>
> >>>so you can get to / with no client cert, but /clientcert/ you need a
> >>>cert, but for /noclientcert/ you don't need a cert.
> >>>
> >>>Looks like from the config doco you can only set it for the
> >>>whole tree ...

Untested by me, but if you set

ssl_verify_client optional;

and then within your

location ^~ /clientcert/ {}

you have something like

if ($ssl_client_verify != SUCCESS) { return 403; }

would that fit your needs?

(If the content below /clientcert/ is all handled by an external process,
then possibly it could do its own validation or verification using values
provided by nginx.)

http://nginx.org/r/$ssl_client_verify for some details.

Good luck with it,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx