nginx部分location开启双向认证

  sre

直接在location中增加ssl_verify_client on的话会报错:

nginx: [emerg] “ssl_verify_client” directive is not allowed here

规避一下:

server
    {
    listen 443 ssl;
    ...
    #不强制开启
    ssl_verify_client optional;
    ssl_client_certificate ssl/client.cer;

    location / {
        #不传证书的话重定向掉
        if ($ssl_client_verify != SUCCESS) {
            return 403 'ssl_verify_client location!';
        break;
        ...
    }
    location /public {
        ...
    }

LEAVE A COMMENT

Captcha Code