3

I have googled around and it seems like nginx does not provide a way to do client-side TLS verification based on the path. I just wanted to ask the community if this is still the case, or if there is some sort of a work around.

I am basically trying to have an admin page domain-name/admin where accessing the public domain name requires only server-side TLS verification but I want to have mutual TLS verification only for the /admin path. Is this even possible without having to get a new domain for admin?

Improve this question

1 Answer 1

Reset to default
5

The reason for this is because nginx doesn't learn the path (part of the request) until after the TLS layer is set up, so it can't go back in time and change its mind about requiring a client cert.

Another work-around may be to redirect /admin to another hostname e.g.admin.domain-name (you'd need a wild-card cert), and then it should be able to enforce client certs at that level.

Otherwise if you try making the client cert optional, every client will get a dialog popup asking them to choose a client cert.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .