uwsgi_ssl_verify_depth
The `uwsgi_ssl_verify_depth` directive sets the verification depth for SSL certificates in uWSGI communications.
Description
The uwsgi_ssl_verify_depth directive is used to specify the depth of verification for SSL certificates when NGINX communicates with uWSGI servers over SSL. This setting is particularly useful in scenarios where NGINX serves as a reverse proxy to uWSGI applications that are equipped with SSL certificates.
By configuring the verification depth, you can control how many certificate levels will be checked in the certificate chain. The depth reflects how many intermediate certificates NGINX will traverse before reaching the trusted root certificate. An appropriate setting ensures that any invalid intermediary certificates do not allow a connection, contributing to more robust security practices. A higher depth value means greater verification detail but can complicate certificate setups if not properly managed.
The directive can be set in various contexts, including http, server, and location, allowing flexibility depending on how SSL connections need to be secured at different levels of the configuration. Setting it to 0 disables certificate chain verification, while a value of 1 verifies up to the immediate certificate level, typically sufficient for most configurations without excessive complexity.
Config Example
uwsgi_ssl_verify_depth 2;
Setting the value too high may cause connection failures if intermediate certificates are missing.
A value of 0 will disable verification, which may expose the application to security risks.
Ensure that your certificate chain is correctly configured for the depth you set, or requests may fail.