以下是我的服务器块。我使用客户端证书来控制对 Web 服务的访问。如果我通过 https://domain.com/TEST 访问服务,则一切正常。但如果我尝试访问 https://xxx.x.xx.xxx/TEST(即使用 IP 地址而不是域名),就会收到一条错误消息,提示“未发送所需的 SSL 证书”,尽管我发送的是完全相同的证书。我的配置有什么问题?
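# HTTPS virtual host that requires a client certificate (mutual TLS), serves
# static files and PHP from public_html, and falls back to a local Node
# backend on 127.0.0.1:3000.
server {
    # TLS is enabled on the listen socket itself; this replaces the separate
    # "ssl on;" directive, which newer nginx releases deprecate.
    listen 443 ssl;
    #listen [::]:80 default ipv6only=on; ## listen for ipv6

    # NOTE(review): a client that connects by IP address normally sends no SNI
    # name, so the TLS handshake is handled by whichever server block is the
    # default for this address:port. If that is a different block without
    # ssl_verify_client, the client is never asked for a certificate, and the
    # request is then routed here by its Host header and rejected with
    # "No required SSL certificate was sent". Other server blocks are not
    # visible here; confirm which block is the default for port 443 and that
    # it also requests client certificates.
    server_name xxx.x.xx.xxx www.domain.com domain.com;

    access_log /usr/www/domain/logs/access.log;
    error_log /usr/www/domain/logs/error.log;

    # Server identity presented to clients.
    ssl_certificate /opt/nginx/ssl/server.crt;
    ssl_certificate_key /opt/nginx/ssl/server.key;

    # CA certificate(s) used to verify client certificates. With
    # ssl_verify_client on, requests without a valid client certificate are
    # refused before they reach any location below.
    ssl_client_certificate /opt/nginx/ssl/cacert.pem;
    ssl_verify_client on;

    ssl_session_timeout 5m;

    # SSLv3 and TLSv1 are obsolete, and the previous cipher list explicitly
    # enabled export-grade, LOW and RC4 suites. Only TLSv1.2 with strong,
    # authenticated ciphers is offered here; add TLSv1.3 where the nginx and
    # OpenSSL build supports it. Clients limited to SSLv3/TLSv1 will no
    # longer be able to connect.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Friendly upper-case endpoints mapped to their PHP scripts; the rewritten
    # URI is then matched against the locations below.
    rewrite ^/REGISTER$ /register.php break;
    rewrite ^/TEST$ /test.php break;

    # Static content first; anything not found on disk goes to the Node backend.
    location / {
        root /usr/www/domain/public_html;
        try_files $uri $uri/ @node;
        expires max;
        access_log off;
    }

    # Reverse proxy to the local Node process, with the headers needed for
    # WebSocket upgrades and for the backend to see the original client address.
    location @node {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # PHP scripts are handed to php5-fpm over a Unix socket.
    location ~ \.php$ {
        root /usr/www/domain/public_html;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        # Exposes nginx's client-certificate verification result to PHP as
        # VERIFIED, so the application can check it as well.
        fastcgi_param VERIFIED $ssl_client_verify;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}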