Best way to enable / forward AppBased cert auth to backend

[chris8205]

Hi,

i'm struggeling with enabling auf Cert-Auth forward with nginx-ingress

normal forward operations are done.
but it seems, that nginx isn't passing the Cert-Auth to the Upstream-Backend...

i've tried the following things over "configmaps"

data:
location-snippets: |
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
proxy_set_header SSL_CLIENT_CERT $ssl_client_escaped_cert;
proxy_pass_request_headers on;

but i can't see @Backend-Site the headers if i add a "Test-Header"
proxy_set_header TestHeader "Test-Header";

it is properly passed to the backend...
Also customized headers injected from the client

maybe i'm in the woods... and i can't see the solution... but maybe some one else had already this pain / issue

Thank you

[chris8205]

@vepatel do you know something about forwarding client-auth-cert so upstream / backend-server

[pdabelf5]

The way to pass TLS authentication to the backend application is to make use of the TLS passthrough feature.
See

• https://docs.nginx.com/nginx-ingress-controller/configuration/transportserver-resource/
• https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#-enable-tls-passthrough
• https://github.com/nginx/kubernetes-ingress/blob/main/examples/custom-resources/tls-passthrough/README.md