diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx
index 58803c5ed..7ef4273a6 100644
--- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx
+++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx
@@ -28,7 +28,7 @@ import RemediationSupportBadges from "@site/src/components/remediation-support-b
💬 Discourse
-
+
A lua Remediation Component for Ingress Nginx Controller.
@@ -227,6 +227,36 @@ API_URL=http://:
CrowdSec local API URL.
+### `USE_TLS_AUTH`
+
+> boolean
+
+```bash
+USE_TLS_AUTH=false # default
+```
+
+Enable mutual TLS (mTLS) authentication for secure communication with CrowdSec Local API. When enabled, the bouncer will use client certificates for authentication instead of API keys.
+
+### `TLS_CLIENT_CERT`
+
+> string (path to file)
+
+```bash
+TLS_CLIENT_CERT=
+```
+
+Path to the client certificate file for mTLS authentication. This option is only used when `USE_TLS_AUTH` is set to `true`.
+
+### `TLS_CLIENT_KEY`
+
+> string (path to file)
+
+```bash
+TLS_CLIENT_KEY=
+```
+
+Path to the client certificate's private key file for mTLS authentication. This option is only used when `USE_TLS_AUTH` is set to `true`.
+
### `BOUNCING_ON_TYPE`
> all | ban | captcha
diff --git a/crowdsec-docs/unversioned/bouncers/nginx.mdx b/crowdsec-docs/unversioned/bouncers/nginx.mdx
index aa56798fe..1a614cb72 100644
--- a/crowdsec-docs/unversioned/bouncers/nginx.mdx
+++ b/crowdsec-docs/unversioned/bouncers/nginx.mdx
@@ -32,6 +32,7 @@ import RemediationSupportBadges from '@site/src/components/remediation-support-b
Mode
Appsec
Metrics
+ MTLS
/>
A lua Remediation Component for nginx.
@@ -185,6 +186,11 @@ SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/captcha.html
CAPTCHA_EXPIRATION=3600
+# mTLS Configuration
+USE_TLS_AUTH=false
+TLS_CLIENT_CERT=
+TLS_CLIENT_KEY=
+
## Application Security Component Configuration
APPSEC_URL=
#### default ###
@@ -378,6 +384,36 @@ API_URL=http://:
CrowdSec local API URL.
+### `USE_TLS_AUTH`
+
+> boolean
+
+```bash
+USE_TLS_AUTH=false # default
+```
+
+Enable mutual TLS (mTLS) authentication for secure communication with CrowdSec Local API. When enabled, the bouncer will use client certificates for authentication instead of API keys.
+
+### `TLS_CLIENT_CERT`
+
+> string (path to file)
+
+```bash
+TLS_CLIENT_CERT=
+```
+
+Path to the client certificate file for mTLS authentication. This option is only used when `USE_TLS_AUTH` is set to `true`.
+
+### `TLS_CLIENT_KEY`
+
+> string (path to file)
+
+```bash
+TLS_CLIENT_KEY=
+```
+
+Path to the client certificate's private key file for mTLS authentication. This option is only used when `USE_TLS_AUTH` is set to `true`.
+
### `BOUNCING_ON_TYPE`
> all | ban | captcha
diff --git a/crowdsec-docs/unversioned/bouncers/openresty.mdx b/crowdsec-docs/unversioned/bouncers/openresty.mdx
index 113b064d7..7a103aa2f 100644
--- a/crowdsec-docs/unversioned/bouncers/openresty.mdx
+++ b/crowdsec-docs/unversioned/bouncers/openresty.mdx
@@ -26,6 +26,7 @@ import RemediationSupportBadges from '@site/src/components/remediation-support-b
Mode
Appsec
Metrics
+ MTLS
/>
A lua Remediation Component for OpenResty.
@@ -163,6 +164,10 @@ SITE_KEY=
CAPTCHA_TEMPLATE_PATH=/var/lib/crowdsec/lua/templates/captcha.html
CAPTCHA_EXPIRATION=3600
+# mTLS Configuration
+USE_TLS_AUTH=false
+TLS_CLIENT_CERT=
+TLS_CLIENT_KEY=
## Application Security Component Configuration
APPSEC_URL=
@@ -367,6 +372,36 @@ API_URL=http://:
CrowdSec local API URL.
+### `USE_TLS_AUTH`
+
+> boolean
+
+```bash
+USE_TLS_AUTH=false # default
+```
+
+Enable mutual TLS (mTLS) authentication for secure communication with CrowdSec Local API. When enabled, the bouncer will use client certificates for authentication instead of API keys.
+
+### `TLS_CLIENT_CERT`
+
+> string (path to file)
+
+```bash
+TLS_CLIENT_CERT=
+```
+
+Path to the client certificate file for mTLS authentication. This option is only used when `USE_TLS_AUTH` is set to `true`.
+
+### `TLS_CLIENT_KEY`
+
+> string (path to file)
+
+```bash
+TLS_CLIENT_KEY=
+```
+
+Path to the client certificate's private key file for mTLS authentication. This option is only used when `USE_TLS_AUTH` is set to `true`.
+
### `BOUNCING_ON_TYPE`
> all | ban | captcha