Nginx – client authentication when using nginx proxy_pass

nginx

My question is about nginx directive "proxy_pass".

I have an http server and I need to redirect requests using https.
I'm using the following statement:
proxy_pass https://secure.server
In wireshark I see that there is a SSL handshake, but client (nginx proxy_pass https:) did not send certificate on server's SSL certificate request.
Verifying client certificate is necessary by server. How can I force proxy_pass to send client certificate when using https ?
Below is part of nginx.conf configuration file:

server {
    listen  8888;
    server_name     _;
    error_page 405 =200 $uri;
    ssl_certificate       /usr/local/cert.pem;
    ssl_certificate_key   /usr/local/cert.pem                                          
    ssl_client_certificate  /usr/local/ca.cer;       

    location ~ /uri/(.+) {

                    proxy_pass https://secure.server;
                    break;
            }

    }

Best Answer

You need to enable SSL client certificate verification.

Add this under the other SSL configurations:

ssl_verify_client on;

See more information here.

Related Solutions

Node.js + Nginx – What now

Nginx works as a front end server, which in this case proxies the requests to a node.js server. Therefore you need to setup an nginx config file for node.

This is what I have done in my Ubuntu box:

Create the file yourdomain.com at /etc/nginx/sites-available/:

vim /etc/nginx/sites-available/yourdomain.com

In it you should have something like:

# the IP(s) on which your node server is running. I chose port 3000.
upstream app_yourdomain {
    server 127.0.0.1:3000;
    keepalive 8;
}

# the nginx server instance
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    access_log /var/log/nginx/yourdomain.com.log;

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options
    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;

      proxy_pass http://app_yourdomain/;
      proxy_redirect off;
    }
 }

If you want nginx (>= 1.3.13) to handle websocket requests as well, add the following lines in the location / section:

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

Once you have this setup you must enable the site defined in the config file above:

cd /etc/nginx/sites-enabled/ 
ln -s /etc/nginx/sites-available/yourdomain.com yourdomain.com

Create your node server app at /var/www/yourdomain/app.js and run it at localhost:3000

var http = require('http');

http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello World\n');
}).listen(3000, "127.0.0.1");
console.log('Server running at http://127.0.0.1:3000/');

Test for syntax mistakes:

nginx -t

Restart nginx:

sudo /etc/init.d/nginx restart

Lastly start the node server:

cd /var/www/yourdomain/ && node app.js

Now you should see "Hello World" at yourdomain.com

One last note with regards to starting the node server: you should use some kind of monitoring system for the node daemon. There is an awesome tutorial on node with upstart and monit.

How update a parameter via Javascript in CDE

Easy, simply:

Dashboards.fireChange('paramname', paramvalue);

Best Answer

Related Solutions

Node.js + Nginx – What now

How update a parameter via Javascript in CDE

Related Topic