[Nginx&TLS] How to make log show a successful exchange of digital certificates.
dencivi
nginx-forum at nginx.us
Tue Feb 5 07:15:04 UTC 2013
Hello,
I've make nginx support TLS(Mutual Authentication), It's can be work
and very cool. but i want have some detail log about exchange of digital
certificates. for example, the log have exchange success and client digital
certificates information in this exchange action.
My system like: Broswer <--TLS--> Nginx 1.0.8 <--HTTP--> Tomcat
So, what can i do?
Thanks for your work.
=============== nginx.conf ================
server
{
listen 8889;
server_name 192.168.10.251;
index index.jsp index.html index.htm;
charset utf-8;
log_format tls_log '$remote_addr $remote_user [$time_local] "$request"
$http_host '
'$status $upstream_status $body_bytes_sent "$http_referer"
'
'"$http_user_agent" $ssl_protocol $ssl_cipher
$upstream_addr '
'$request_time $upstream_response_time';
access_log /usr/local/nginx/logs/http_8889_access.log tls_log;
#TLS start
ssl on;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
ssl_client_certificate ssl/ca.crt ;
ssl_verify_client on;
ssl_protocols SSLv2 SSLv3 TLSv1;
#TLS end
#chunkin for XTOM
chunkin on;
error_page 411 = @my_411_error;
location @my_411_error {
chunkin_resume;
}
location ~ /mux-.+ {
proxy_pass http://192.168.10.123:8080;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
}
}
===========
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,235909,235909#msg-235909
More information about the nginx
mailing list