Re: ProxySSL with client certificate - error redirection problem

September 22, 2009 05:45AM
Thank you very much Igor,

Your setup is working fine if I do reverse proxy on http.
Because I needed to redirect the error to an https page, I have modified the setup by creating another proxy ssl instance, where I didn't ask for ssl_verify_client.
My setup is working now, even if I don't use the standard SSL port. Any other suggestions for it?
Here it is, for anyone else interested:



# HTTPS server configuration
#

# Instance that asks for a client certificate
server {
    listen 443;

    ssl on;
    ssl_certificate /etc/httpd/ssl/proxy-ssl.cer;
    ssl_certificate_key /etc/httpd/ssl/server.key;
    ssl_client_certificate /etc/httpd/ssl/ca-bundle.crt;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_verify_client on;
    ssl_verify_depth 5;

    # Client certificate errors are redirected to the second instance
    error_page 495 https://external.web.address:44399/certsrv;
    error_page 496 https://external.web.address:44399/certsrv;

    location / {
        proxy_pass http://internal.web.server:80;
        proxy_buffering on;
        # Pass the client certificate details to the backend
        proxy_set_header Subject $ssl_client_s_dn;
        proxy_set_header Issuer $ssl_client_i_dn;
        proxy_set_header SerialNumber $ssl_client_serial;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 15;
        proxy_intercept_errors on;
    }

    access_log /var/log/nginx/proxy.access.log main;
    error_log /var/log/nginx/proxy.error.log debug;
}

# Second proxy ssl instance, without ssl_verify_client
server {
    listen 44399;

    ssl on;
    ssl_certificate /etc/httpd/ssl/proxy-ssl.cer;
    ssl_certificate_key /etc/httpd/ssl/server.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://internal.web.server;
        proxy_buffering on;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 15;
        proxy_intercept_errors on;
    }

    access_log /var/log/nginx/certificate.access.log main;
    error_log /var/log/nginx/certificate.error.log debug;
}
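
A hardened form of the two-listener setup from the post above, as an added example that is not the poster's configuration. It reuses the post's hostnames, paths and header names, assumes an nginx and OpenSSL build with TLS 1.2/1.3 support, and omits the buffering and timeout tuning; it shows the protocol and cipher settings and how the identity headers are handled on the listener that verifies no client certificate.

```nginx
# Added example, not the poster's configuration. Goes inside the http {} block.
# Hostnames, ports, paths and header names are the ones used in the post.

# Listener that requires a client certificate.
server {
    listen 443 ssl;                        # replaces the old "ssl on;" directive

    ssl_certificate           /etc/httpd/ssl/proxy-ssl.cer;
    ssl_certificate_key       /etc/httpd/ssl/server.key;
    ssl_client_certificate    /etc/httpd/ssl/ca-bundle.crt;
    ssl_protocols             TLSv1.2 TLSv1.3;    # was: SSLv2 SSLv3 TLSv1
    ssl_ciphers               HIGH:!aNULL:!MD5;   # was: a list admitting LOW, EXP and SSLv2 suites
    ssl_prefer_server_ciphers on;
    ssl_verify_client         on;
    ssl_verify_depth          5;

    # 495: certificate failed verification; 496: no certificate was sent.
    error_page 495 496 https://external.web.address:44399/certsrv;

    location / {
        proxy_pass http://internal.web.server:80;
        # Set from the verified certificate; these replace same-named headers sent by the client.
        proxy_set_header Subject      $ssl_client_s_dn;
        proxy_set_header Issuer       $ssl_client_i_dn;
        proxy_set_header SerialNumber $ssl_client_serial;
    }
}

# Listener that serves the error redirect target; no client certificate is requested here.
server {
    listen 44399 ssl;

    ssl_certificate           /etc/httpd/ssl/proxy-ssl.cer;
    ssl_certificate_key       /etc/httpd/ssl/server.key;
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_ciphers               HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://internal.web.server;
        # No certificate was verified on this listener, so keep the identity
        # headers away from the backend: an empty value drops the header.
        proxy_set_header Subject      "";
        proxy_set_header Issuer       "";
        proxy_set_header SerialNumber "";
    }
}
```
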
Subject | Author | Posted
ProxySSL with client certificate - error redirection problem | adileso | September 21, 2009 08:46AM
Re: ProxySSL with client certificate - error redirection problem | Igor Sysoev | September 21, 2009 03:12PM
Re: ProxySSL with client certificate - error redirection problem | adileso | September 22, 2009 05:45AM
Re: ProxySSL with client certificate - error redirection problem | Igor Sysoev | September 22, 2009 06:26AM


