I have a Debian Jessie machine set up with NGINX and TOMCAT8. TOMCAT is running Guacamole. NGINX is set up to listen on port 443 (SSL) and reverse proxy to the local TOMCAT on 8080. Everything is working fine. When I add the ssl_client_certificate directive, I get a blank page in the browser (Safari on macOS and iOS) instead. It works on Firefox. Nevertheless, with the client certificate I'm still able to connect to other locations in NGINX without issue (the calibre location below, for instance). TOMCAT is configured out of the box.

Here is my NGINX config file:

server {
    listen 443 ssl;
    server_name domain.eu;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    ssl_certificate /etc/letsencrypt/live/domain.eu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.eu/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.eu/chain.pem;

    ssl_client_certificate /etc/nginx/certs/ca.pem;
    ssl_verify_client on;

    location /guacamole/ {
        proxy_pass http://127.0.0.1:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    location /calibre {
        proxy_pass http://192.168.1.z:8080/calibre;
        proxy_set_header Host 192.168.1.z:8080;
        proxy_redirect default;
    }
}

Any help would be much appreciated. Laurent

Laurent31415