> so if I put both of these in one server block so that the incoming is de-crypted and the outgoing is decrypted. Do I put both the server and client certs in the same server block ?
confused.

Depends on what setup/requirements you actually have:

- If your backend server requires authentication then you have to provide a client certificate via proxy_ssl_certificate (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_certificate ).

- If your clients need to authenticate versus your nginx proxy then you use ssl_verify_client / ssl_trusted_certificate ( http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client ).

- If your backend requires passing through the user certificates it's a bit tricky as depending on backend it might or might not work https://trac.nginx.org/nginx/ticket/857

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx