Hi,
I'm running nginx version: nginx/1.11.5 (nginx-plus-r11). I am trying to connect a tcp client (with client cert) over SSL to nginx, where the SSL will be validated and terminated, and then onto the upsteam server in the clear.
I have the following configuration:
stream {
upstream upstream_servers {
server localhost:80;
}
server {
listen 192.168.0.30:443 ssl;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/ssl/client.crt;
ssl_verify_client on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_verify_depth 2;
proxy_pass upstream_servers;
}
}
However, I get a '2018/03/27 12:14:35 [emerg] 18325#18325: "ssl_client_certificate" directive is not allowed here in /etc/nginx/conf.d/my-listener.conf:11' error when I try to start the server.
According to http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_client_certificate, this seems to be a valid configuration directive.
Would anyone be able to help identify what it is that I am missing?
Many thanks,
Dave