Answer the question
In order to leave comments, you need to log in
How to display CN=username of certificate in Nginx access logs?
I have a Centos server with Nginx that redirects HTTPS requests to another server with certificate verification on the client. For employees, certificates are created individually with the employee's name in the CN field.
I would like to display the CN in the Nginx logs, since all employees will connect through the same IP address.
I will be glad to any advice.
Nginx config
user nginx;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name #SITE NAME#;
return 301 https://#SITE NAME#;
}
server {
listen 443 ssl;
server_name #SITE NAME#;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.pem;
ssl_client_certificate /etc/nginx/ssl/ssl.crt;
ssl_verify_client optional;
location / {
if ($ssl_client_verify != SUCCESS) {
return 403;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass #SITE NAME#;
proxy_read_timeout 90;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect http://localhost:80 https://#SITE NAME#;
}
}
}
Answer the question
In order to leave comments, you need to log in
it ?
https://awmanoj.github.io/tech/2017/06/13/using-ng...
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question