/nginx-client-certs

Client certificates in Nginx


This repository sets up a TLS PKI and a couple of Nginx Docker containers to show the use of TLS client certificates with Nginx.

Build the PKI, start the containers and run the tests with make test.

Testing locally with curl

Start up nginx

# Build the PKI
> make build-pki
> docker-compose up backend

Enter the client container

> docker-compose run --rm client bash

Test open vhost

This should work.

> curl http://open.backend.test

Test secure vhost

This should fail because the signing CA is not in the client's trust store.

> curl https://secure.backend.test

This should work.

> curl --cacert ./test-ca.pem https://secure.backend.test

Test client cert validating vhost

This should fail because the signing CA is not in the client's trust store.

> curl https://client.backend.test

This should fail because the client cert is not presented.

> curl --cacert ./test-ca.pem https://client.backend.test

This should work.

> curl --cert ./client.pem:password --cacert ./test-ca.pem https://client.backend.test
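
For reference, a backend configuration that would produce the three behaviours tested above. This is an added example, not the repository's own config: the certificate and key paths and the response bodies are assumptions, and the server blocks are meant to sit inside the http context.

```nginx
# Added example: hypothetical config, not taken from the repository.
# All file paths below are assumed.

# open.backend.test: plain HTTP, no TLS.
server {
    listen 80;
    server_name open.backend.test;
    location / { return 200 "open\n"; }
}

# secure.backend.test: server-side TLS only. The client must trust the
# test CA (curl --cacert) but presents no certificate of its own.
server {
    listen 443 ssl;
    server_name secure.backend.test;

    ssl_certificate     /etc/nginx/tls/secure.backend.test.pem;
    ssl_certificate_key /etc/nginx/tls/secure.backend.test.key;

    location / { return 200 "secure\n"; }
}

# client.backend.test: mutual TLS.
server {
    listen 443 ssl;
    server_name client.backend.test;

    ssl_certificate     /etc/nginx/tls/client.backend.test.pem;
    ssl_certificate_key /etc/nginx/tls/client.backend.test.key;

    # Only certificates that chain to this CA are accepted. Use a CA that
    # issues nothing but client certificates, since every certificate it
    # signs passes this check.
    ssl_client_certificate /etc/nginx/tls/test-ca.pem;
    ssl_verify_client on;
    ssl_verify_depth 1;

    location / {
        # Subject DN of the verified client certificate, for logging or
        # for authorization decisions beyond "signed by the CA".
        return 200 "client: $ssl_client_s_dn\n";
    }
}
```

With ssl_verify_client on, a request that presents no certificate still completes the TLS handshake and is answered with HTTP 400, so curl exits 0 for that case unless it is run with --fail.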

Useful links

How to create your own SSL certificate authority
Client-side SSL
AWS API-Gateway client authentication and Nginx
Nginx add client cert

Relevant Nginx docs

ngx_http_proxy_module
ngx_http_ssl_module
ngx_stream_proxy_module (not used here but useful if you want to proxy something other than HTTP)