Created
April 8, 2020 05:29
-
-
Save ronamosa/71dcc660bf40af5245a4c7118a70780a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user www-data; | |
| worker_processes auto; | |
| pid /run/nginx.pid; | |
| events { | |
| } | |
| http { | |
| # custom log format to show good debugging information. | |
| log_format ssl_client | |
| '$remote_addr - $remote_user [$time_local] ' | |
| '"$request" $status $body_bytes_sent ' | |
| '"Client fingerprint" $ssl_client_fingerprint ' | |
| '"Client DN" $ssl_client_s_dn'; | |
| error_log /var/log/nginx/error.log; | |
| server { | |
| listen 443 ssl; | |
| # set our access_log to use the log_format from above. | |
| access_log /var/log/nginx/listener.log ssl_client; | |
| # homepage for the NGINX server -- edit as needed. | |
| root /usr/share/nginx/html; | |
| index index.html; | |
| # server's name -- mine is a fqdn | |
| server_name mtls.cloudbuild.site; | |
| # setup the server cert, key and the ca-cert which will be the same one that signed the client certs. | |
| ssl_certificate /etc/nginx-server-certs/tls.crt; | |
| ssl_certificate_key /etc/nginx-server-certs/tls.key; | |
| ssl_client_certificate /etc/nginx-ca-certs/ca-chain.cert.pem; | |
| # enable mutual tls and set depth to be >2. | |
| ssl_verify_client on; | |
| ssl_verify_depth 10; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment