Hi guys,
I'm using nginx in form of container (docker.io/nginx), version 1.17.3-alpine
I'm trying to setup my nginx to do TLS auth and then forward packets to another host in the network.
As part of this I also have to support some probes that continuously monitor a secondary location, same server, same port.
This is my configuration
```
server {
listen 443 ssl;
server_name mydomain.com;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_client_certificate /etc/nginx/ca_certs/ca.crt;
ssl_verify_client optional;
ssl_verify_depth 2;
location = /healthz {
return 200 'the app is alive!';
}
location = / {
if ($ssl_client_verify != SUCCESS) {
return 403;
}
proxy_pass http://other-host:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header SSL_Client $ssl_client_s_dn;
proxy_set_header SSL_Client_Verify $ssl_client_verify;
}
}
```
First of all, as soon as I load the configuration I get the following error:
```
2019/12/05 10:22:35 [emerg] 1#1: invalid condition "!=" in /etc/nginx/conf.d/mydomain.conf:36
nginx: [emerg] invalid condition "!=" in /etc/nginx/conf.d/mydomain.conf:36
```
I find this if directive on any possible tutorial. I'm really not sure what's wrong here...
Also, even if I remove the if clause (just to see if otherwise it would work) I get another error:
```
2019/12/05 11:10:20 [emerg] 1#1: invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/mydomain.conf:41
nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/mydomain.conf:41
```
Even after removing all the entire `location = /` block (to see if at least the container starts and /healtz return 200), I still get the following error:
```
2019/12/05 11:43:30 [error] 8#8: *90 open() "/etc/nginx/html/healtz" failed (2: No such file or directory), client: 172.16.0.158, server: , request: "GET /healtz HTTP/1.1", host: "mydomain.com"
172.16.0.158 - - [05/Dec/2019:11:43:30 +0000] "GET /healtz HTTP/1.1" 404 153 "-" "Wget" "-"
172.16.56.6 - - [05/Dec/2019:11:43:40 +0000] "GET / HTTP/1.1" 404 153 "-" "-" "-"
```
Shouldn't the return directive (as written) simply return a 200 and the message, even if a page is not present?
Sorry if I posted in the same thread three different issues... I just thought it would have made sense to post them together.
Thank you,
-Luca