Thanks, I got it working in the end though. I realize a Yubikey isn't
terribly performant but for my particular use case I don't expect that to be
a problem.
Cheers,
Erik
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,286922,286967#
made the whole thing work. Note that the client certificate itself
is still read from a file as proxy_ssl_certificate does not support pkcs11
URIs.
I can now access the remote TLS server through the local proxy:
$ curl http://localhost/foo/bar
Erik van Zijst
Posted at Nginx Forum:
https://forum.
SSL handshake (104: Connection reset by peer) while SSL handshaking to
upstream, client: ::1, server: _, request: "GET /upstream HTTP/1.1",
upstream: "https://10.16.1.21:443/", host: "localhost"
Cheers,
Erik van Zijst
Posted at Nginx Forum:
something like:
location /upstream {
    proxy_pass https://backend.example.com;
    proxy_ssl_certificate /etc/nginx/client.pem;
    proxy_ssl_certificate_key
        'pkcs11:type=private;token=some_token;object=username%40example.org';
}
Cheers,
Erik van Zijst
Posted at Nginx Forum:
igned certificate and private
key file, but my cert and key are in hardware (YubiKey in PIV mode).
I have pkcs11 support through OpenSC, but I'm wondering if Nginx can work
with that. Is there a way to have it use the yubikey through pkcs11?
Cheers,
Erik
Posted at Nginx Forum:
https://forum
> On Thu, Nov 09, 2017 at 03:17:36PM -0600, Joel Parker wrote:
>
> > I want to load a table of key/value pairs from the file system when nginx
> > starts and not every time a request comes in. I am going to use the
> > key/value pairs to compare against incoming post args in my location block.
> >
B.R. Monday, November 23, 2015 2:26 PM
On Mon, Nov 23, 2015 at 12:23 AM, Sylvain BERTRAND
wrote:
>>That's why I'm posting here: *Only nginx* www sites does block lynx. Something
>>is not right there: a default aggressive blocking policy from nginx?
>There is a difference between 'only websites
gx_processes(worker, loader, manager)
>
>So no, you can't, but you can implement this logic yourself.
Understood, thanks. I guess I'll just add a --no-reap-unknown command line
argument to suppress reaping of unknown processes.
>On Fri, May 15, 2015 at 9:22 PM, Nelson, Er
at
server.
Thanks
Erik