This creates backward-compatible SSL variables in nginx, compared to Apache mod_ssl module; it is particularly interesting for access to SSL client certificate. A few variables are given by nginx, and some others have to be computed through nginx-Lua with a Lua-OpenSSL interface.
All available SSL variables are given in the COMPATIBILITY.md file with its specifications and current implementation status.
- Copy the files
*.confin your nginx directory/etc/nginx(or another non-standard location).
Soft install:
-
Include the file
*_ssl_variables.confin your web server config corresponding to your gateway (fastcgi, scgi, uwsgi). For instance:location ~ \.php { include fastcgi.conf; include fastcgi_ssl_variables.conf; }
-
Depending of your nginx version, uncomment lines where a nginx version is indicated. You can also comment some variables you don’t need.
-
Reload nginx. It’s ready!
Complete install:
-
Be sure you have installed the nginx Lua package (available in the Debian/Ubuntu package nginx-extras).
-
Install the Lua-OpenSSL interface written by zhaozg and be sure it works in the Lua command line.
-
Include the file
*_ssl_variables_lua.confin your web server config corresponding to your gateway (fastcgi, scgi, uwsgi). For instance:location ~ \.php { include fastcgi.conf; include fastcgi_ssl_variables_lua.conf; }
-
Depending of your nginx version, uncomment lines where a nginx version is indicated. You can also comment some variables you don’t need.
-
Reload nginx. It’s ready!
Don’t hesit to submit pull requests or open issues. When you change files, you only need to change the two files fastcgi_*.conf, then use the Bash script utils/sync_scgi-uwsgi_from_fastcgi.sh to update the four other files, scgi_*.conf and uwsgi_*.conf.
I’m not (yet) part of nginx community, and I don’t know if such a patch could/should be added to nginx, neither know the SSL module development policy and roadmap; if you have some advices about that, you can reach me to discuss.