Nginx
demonca13, 2022-01-31 12:20:26

How to display CN=username of certificate in Nginx access logs?

I have a CentOS server with Nginx that redirects HTTPS requests to another server with certificate verification on the client. For employees, certificates are created individually with the employee's name in the CN field.
I would like to display the CN in the Nginx logs, since all employees will connect through the same IP address.

I will be glad of any advice.

Nginx config

user nginx;
worker_processes auto;
pid /run/nginx.pid;

events {
  worker_connections 768;
}

http {
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  server_tokens off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  gzip on;
  gzip_disable "msie6";

  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  server {
    listen 80;
    server_name #SITE NAME#;
    return 301 https://#SITE NAME#;
  }

  server {
    listen 443 ssl;
    server_name #SITE NAME#;

    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl/ssl.pem;

    ssl_client_certificate /etc/nginx/ssl/ssl.crt;
    ssl_verify_client optional;

    


    location / {
      if ($ssl_client_verify != SUCCESS) {
        return 403;
      }

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          #SITE NAME#;
      proxy_read_timeout  90;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;

      proxy_redirect      http://localhost:80 https://#SITE NAME#;

    }
  }
}


1 answer(s)
Vladimir Korotenko, 2022-01-31
@demonca13

it ?
https://awmanoj.github.io/tech/2017/06/13/using-ng...
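
One way to get the CN into the access log with stock nginx variables, as an added example (not taken from the answer above or the linked post). The variable name `$ssl_client_cn` and the format name `client_cert` are chosen here for illustration; the directives go inside the existing `http { }` block and replace its `access_log` line.

```nginx
# Added example, not part of the original config.
# $ssl_client_cn and "client_cert" are names chosen for this example.

# $ssl_client_s_dn holds the client certificate subject DN as an RFC 2253
# string (nginx 1.11.6+), e.g. "CN=ivanov,OU=Staff,O=Example" (constructed
# sample). Older builds use the "/C=../CN=.." form, which newer versions
# expose as $ssl_client_s_dn_legacy.
map $ssl_client_s_dn $ssl_client_cn {
    default                      "-";
    "~(?:^|,)CN=(?<cn>[^,]+)"    $cn;
}

# Combined-style format with the CN in the user field, plus the verification
# result and certificate serial so a CN is never read without its status.
log_format client_cert '$remote_addr - $ssl_client_cn [$time_local] '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent" '
                       'verify=$ssl_client_verify serial=$ssl_client_serial';

access_log /var/log/nginx/access.log client_cert;
```

With `ssl_verify_client optional`, requests that present no certificate are logged with CN `-` and `verify=NONE`. A CN that contains an escaped comma is cut at the comma by this pattern.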
