/etc/nginx/sites-enabled/default
server {
listen 80 default_server;
root /var/www/example;
index index.php;
server_name localhost;
location / {
try_files $uri/ /index.php
}
...
}
This works just fine. I do not have SSL installed on that instance. I want to prevent access to my api (spread out to multiple EC2 instances) except for the calls coming from AWS API-Gateway. I created a client certificate under the API Gateway console (.pem) and I added the following to the nginx configuration:
server {
listen 443;
ssl on;
ssl_client_certificate /etc/nginx/ssl/cert.pem;
ssl_trusted_certificate /etc/nginx/ssl/cert.pem;
ssl_verify_client on;
root /var/www/example
index index.php;
server_name localhost;
location / {
try_files $uri /index.php
}
...
}
Error log says ' no ssl_certificate is defined for the "ssl" directive in /etc/nginx/sites-enabled/default:24 '. Ok, fair enough. I tried a few other tricks from nginx docs but no luck. What about by-passing the certification and add if-then to nginx config to accept traffic only from API Gateway? How can it be done? What's the best way to do this without requiring SSL on the receving end, in your opinion?