ssl certificate – setup nginx to require client certs for all but a given source IP

I’m looking for a setup where I’d like to have SSL client certificates for all but one source IP.

My idea is to set

 ssl_verify_client optional;

and to add an elaborate if statement to the locations.
However I don’t know how to write such an if statement.

  # this requires ssl client certificates for all locations
  location / {
    if ($ssl_client_verify != "SUCCESS") { 
       return 403; 

  # now what to write to require ssl certs except if source IP is e.g.
  location /two {
    if (?????) { 
       return 403; 

How to use self signed certs for SSL/TLS IMAP and SMTP.

If you have an SMTP or IMAP server that has a self signed certifcate, you will need to make 2 file edits to prevent a connection failure.


paste this after