Nginx Client Certs
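# Server block: TLS with optional client-certificate verification
server {
    listen 443 ssl http2;
    ssl_certificate /path/to/server.crt;
    ssl_certificate_key /path/to/server/key;
    # CA used to verify client certificates
    ssl_client_certificate /path/to/client-ca.crt;
    # Request a client certificate, but do not require one for every location
    ssl_verify_client optional;

    location /secret {
        # Reject requests whose client certificate did not verify against the CA
        if ($ssl_client_verify != SUCCESS) { return 403; }
        include /path/to/upstream.conf;
    }

    location / {
        include /path/to/upstream.conf;
    }
}

# Upstream definition (belongs in the http context, outside the server block)
upstream unicorn {
    server unix:/var/run/unicorn.sock fail_timeout=0;
}

# /path/to/upstream.conf: proxy settings included by both locations above
proxy_pass http://unicorn;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;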