我有一个ca证书包试图在浏览器级别的nginx上集成客户端证书身份验证我无法获得提示要求为ssl身份验证发送证书的提示.我不确定在这里错过了什么,这方面的任何帮助都将受到高度赞赏.
以下是nginx的配置
#
# HTTPS server configuration
#
server {
listen 10.0.111.118:8443;
ssl on;
server_name reverseproxy.in;
### SSL cert files ###
ssl_certificate conf.d/MonetServer.cer;
ssl_certificate_key conf.d/MonetServer.key;
ssl_client_certificate conf.d/Bundle.crt;
ssl_verify_client on;
server_tokens off;
access_log logs/ssl/esmarts-access.log;
error_log logs/ssl/esmarts-error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Floof-SSL-Client-Serial $ssl_client_serial;
proxy_set_header X-Floof-SSL-Client-Verify $ssl_client_verify;
### We want full access to SSL via backend ###
location / {
proxy_pass http://10.0.111.125:8080/esmart/index.html;
### force timeouts if one of backend is died ##
proxy_next_upstream error …我试过从下面提到的方法中获取ip
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] &
Request.UserHostAddress & Request.ServerVariables["REMOTE_ADDR"]
问题是Request.ServerVariables["REMOTE_ADDR"]返回代理服务器IP并且
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]可以被篡改我想要一个万无一失的获取客户端IP的方法,这种方法无法被篡改,在这方面的任何帮助都将受到高度赞赏.