Hi,

I'm running nginx version: nginx/1.11.5 (nginx-plus-r11). I am trying to connect a tcp client (with client cert) over SSL to nginx, where the SSL will be validated and terminated, and then onto the upsteam server in the clear.

I have the following configuration:

stream {
upstream upstream_servers {
server localhost:80;
}

server {
listen 192.168.0.30:443 ssl;

ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/ssl/client.crt;
ssl_verify_client on;

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_verify_depth 2;

proxy_pass upstream_servers;
}
}

However, I get a '2018/03/27 12:14:35 [emerg] 18325#18325: "ssl_client_certificate" directive is not allowed here in /etc/nginx/conf.d/my-listener.conf:11' error when I try to start the server.

According to http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_client_certificate, this seems to be a valid configuration directive.

Would anyone be able to help identify what it is that I am missing?

Many thanks,

Dave