Nginx 客户端证书使用 IP

Nginx 客户端证书使用 IP

以下是我的服务器块。我使用客户端证书来控制对 Web 服务的访问。如果我以以下方式访问服务,则一切正常https://domain.com/TEST。但如果我尝试访问https://xxx.x.xx.xxx/TEST(即使用 IP 地址而不是域名)我收到一条错误消息,提示“未发送所需的 SSL 证书”,尽管我发送的是完全相同的证书。我的配置有什么问题?

server {
    listen   443; ## listen for ipv4; this line is default and implied
    #listen   [::]:80 default ipv6only=on; ## listen for ipv6

    server_name xxx.x.xx.xxx www.domain.com domain.com;
    access_log /usr/www/domain/logs/access.log;
    error_log /usr/www/domain/logs/error.log;

    ssl on;
    ssl_certificate /opt/nginx/ssl/server.crt;
    ssl_certificate_key /opt/nginx/ssl/server.key;
    ssl_client_certificate /opt/nginx/ssl/cacert.pem;
    ssl_verify_client on;
    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on; 

    rewrite ^/REGISTER$ /register.php break;
    rewrite ^/TEST$ /test.php break;

    location / { 
            root /usr/www/domain/public_html;
            try_files $uri $uri/ @node;

            expires max;
            access_log off;
    }   

    location @node {
            proxy_pass http://127.0.0.1:3000;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        location ~ \.php$ {
                root /usr/www/domain/public_html;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param  VERIFIED $ssl_client_verify;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}

相关内容