以下是我的服务器块。 我正在使用客户端证书来控制对web服务的访问。 一切工作正常,如果我访问该服务为https://domain.com/TEST 。 但是,如果我尝试访问为https://xxx.x.xx.xxx/TEST (即使用IP地址,而不是域mame),我得到一个错误,说:“所需的SSL证书没有发送”即使我发送完全相同证书。 我的configuration有什么问题?
server { listen 443; ## listen for ipv4; this line is default and implied #listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name xxx.x.xx.xxx www.domain.com domain.com; access_log /usr/www/domain/logs/access.log; error_log /usr/www/domain/logs/error.log; ssl on; ssl_certificate /opt/nginx/ssl/server.crt; ssl_certificate_key /opt/nginx/ssl/server.key; ssl_client_certificate /opt/nginx/ssl/cacert.pem; ssl_verify_client on; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; rewrite ^/REGISTER$ /register.php break; rewrite ^/TEST$ /test.php break; location / { root /usr/www/domain/public_html; try_files $uri $uri/ @node; expires max; access_log off; } location @node { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location ~ \.php$ { root /usr/www/domain/public_html; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param VERIFIED $ssl_client_verify; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }