Hello! On Mon, Jun 09, 2014 at 01:53:11PM -0400, paulg1981 wrote:
> Hello, > I am attempting to use ca.mydomain.com with client certificate auth as a > springboard for other sites on the same server. I am using client certs with > my iphone (and other browsers) to skip the password auth and be more secure. > The first two proxy_pass statements work fine (sickbeard and couchpotato) > but the next (munin) gives the error 400 Bad Request No required SSL > certificate was sent. If I put the address > (https://tools.mydomain.com/munin) in my address bar it works fine? I don't > understand why it is requesting the client cert for the subdomain that > doesn't use client auth. The tools.mydomain.com uses basic auth. In no particular order: - Make sure that "s" in the "https://tools..."; isn't a typo and you actually mean to use encrypted connection between nginx and this backend. - Make sure the "tools.mydomain.com" https backend actually don't have client cert auth switched on. In particular, make sure it's either uses separate ip:port, or you've enabled SNI in nginx proxy (http://nginx.org/r/proxy_ssl_server_name). > Secondly I want to access the tools.mydomain.com from ca.mydomain.com and > not be prompted for the basic auth password. So I want to include the > authorization in the proxying. Instead of providing a password, you may consider configuring access from a fixed set of ip addresses, using the access module and "satisfy any", see http://nginx.org/r/satisfy for an example. If you want nginx to send a password, you may do so by adding the Authorization header with proxy_set_header, see http://nginx.org/r/proxy_set_header and http://tools.ietf.org/html/rfc2617#section-2. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
