This creates backward-compatible SSL variables in nginx, compared to Apache mod_ssl module; it is particularly interesting for access to SSL client certificate. A few variables are given by nginx, and some others have to be computed through nginx-Lua with a Lua-OpenSSL interface.
All available SSL variables are given in the COMPATIBILITY.md file with its specifications and current implementation status.
- Copy the files
*.conf
in your nginx directory/etc/nginx
(or another non-standard location).
Soft install:
-
Include the file
*_ssl_variables.conf
in your web server config corresponding to your gateway (fastcgi, scgi, uwsgi). For instance:location ~ \.php { include fastcgi.conf; include fastcgi_ssl_variables.conf; }
-
Depending of your nginx version, uncomment lines where a nginx version is indicated. You can also comment some variables you don’t need.
-
Reload nginx. It’s ready!
Complete install:
-
Be sure you have installed the nginx Lua package (available in the Debian/Ubuntu package nginx-extras).
-
Install the Lua-OpenSSL interface written by zhaozg and be sure it works in the Lua command line.
-
Include the file
*_ssl_variables_lua.conf
in your web server config corresponding to your gateway (fastcgi, scgi, uwsgi). For instance:location ~ \.php { include fastcgi.conf; include fastcgi_ssl_variables_lua.conf; }
-
Depending of your nginx version, uncomment lines where a nginx version is indicated. You can also comment some variables you don’t need.
-
Reload nginx. It’s ready!
Don’t hesit to submit pull requests or open issues. When you change files, you only need to change the two files fastcgi_*.conf
, then use the Bash script utils/sync_scgi-uwsgi_from_fastcgi.sh
to update the four other files, scgi_*.conf
and uwsgi_*.conf
.
I’m not (yet) part of nginx community, and I don’t know if such a patch could/should be added to nginx, neither know the SSL module development policy and roadmap; if you have some advices about that, you can reach me to discuss.