Skip to content

robyoung/nginx-client-certs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
config
config
 
 
scripts
scripts
 
 
ssl
ssl
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Client certificates in Nginx

This repository sets up a TLS PKI and a couple of Nginx Docker containers to show the use of TLS client certificates with Nginx.

Build the PKI, start the containers and run the tests with make test

Testing locally with curl

Start up nginx

# Build the PKI
> make build-pki
> docker-compose up backend

Enter the client container

> docker-compose run --rm client bash

Test open vhost

This should work.

> curl http://open.backend.test

Test secure vhost

This should fail because the signing CA is not in the client's trust store.

> curl https://secure.backend.test

This should work.

curl --cacert ./test-ca.pem https://secure.aam.test

Test client cert validating vhost

This should fail because the signing CA is not in the client's trust store.

> curl https://client.backend.test

This should fail because the client cert is not presented.

curl --cacert ./test-ca.pem https://client.backend.test

This should work.

> curl --cert ./client.pem:password --cacert ./test-ca.pem https://client.backend.test

Useful links

How to create your own SSL certificate authority Client-side SSL AWS API-Gateway client authentication and Nginx Nginx add client cert

Relevant Nginx docs

ngx_http_proxy_module ngx_http_ssl_module ngx_stream_proxy_module (not used here but useful if you want to proxy something other than HTTP)

About

Client certificates in Nginx

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages