We are using the same approach as in Configure Nginx to forward client certificate to backend
Which is:
- Client laptop –> HTTPS + Client Cert –> NGINX –> HTTPS + Client Cert –> Service1
- Client laptop –> HTTPS + Client Cert –> NGINX –> HTTPS + Client Cert –> Service2
The above approach is working fine, and we can confirm that we could see the client SSL certificate show up in the log (service1 or service2).
And in case Service1 or Service2 is down or exhausted (it will return HTTP 503), we add a “failover” mechanism to route to another NGINX in another region:
- Client laptop –> HTTPS + Client Cert –> NGINX1 –> HTTPS + Client Cert –> Service1 (if HTTP 503) –> NGINX2 –> HTTPS + Client Cert –> Service11
- Client laptop –> HTTPS + Client Cert –> NGINX1 –> HTTPS + Client Cert –> Service2 (if HTTP 503) –> NGINX2 –> HTTPS + Client Cert –> Service21
However, with the above “failover” approach, we are not seeing any client cert received at service11 or service21 (it simply prints {"error": "no client certificate"}).
Yes, we tried setting this:
proxy_ssl_session_reuse on;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
or
proxy_set_header X-Client-Cert $ssl_client_escaped_cert;
And we are not seeing any client certificate being forwarded to the “failover” nginx. Any ideas are appreciated. And yes, we are using nginx 1.25.5.
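Added example (not part of the question above, and not taken from the linked answer): a two-hop configuration in which the first nginx terminates the laptop's mTLS session and the failover nginx forwards the header it received rather than re-reading the TLS session. The point it illustrates is that $ssl_client_escaped_cert is populated from the client certificate of the TLS connection that *this* nginx terminated; on NGINX2 that peer is NGINX1, so the variable is empty (or NGINX1's own certificate, if NGINX1 presents one with proxy_ssl_certificate), never the laptop's certificate. Host names, file paths and the upstream name are assumptions.

```nginx
# NGINX1 (primary region): terminates the laptop's mTLS session.
# Hostnames, paths and the upstream name are placeholders.
upstream service1_pool {
    server service1.region-a.internal:443;
    # Tried only after the primary server fails for this request.
    server nginx2.region-b.example.com:443 backup;
}

server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate        /etc/nginx/tls/nginx1.crt;
    ssl_certificate_key    /etc/nginx/tls/nginx1.key;
    ssl_client_certificate /etc/nginx/tls/client-ca.pem;   # CA that issued laptop certs
    ssl_verify_client      on;

    location / {
        proxy_pass https://service1_pool;
        proxy_ssl_server_name on;

        # Identify NGINX1 to NGINX2 with NGINX1's own cert (not the laptop's;
        # NGINX1 does not hold the laptop's private key and cannot replay it).
        proxy_ssl_certificate     /etc/nginx/tls/nginx1-client.crt;
        proxy_ssl_certificate_key /etc/nginx/tls/nginx1-client.key;

        # Retry on the backup server when Service1 is down or returns 503.
        # Non-idempotent methods (POST) are retried only with "non_idempotent".
        proxy_next_upstream error timeout http_503;

        # The laptop's cert exists only on this hop; carry it as a header.
        proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
    }
}

# NGINX2 (failover region): its TLS peer is NGINX1, not the laptop, so
# $ssl_client_escaped_cert here would be NGINX1's cert (or empty).
server {
    listen 443 ssl;
    server_name nginx2.region-b.example.com;

    ssl_certificate     /etc/nginx/tls/nginx2.crt;
    ssl_certificate_key /etc/nginx/tls/nginx2.key;

    # Accept X-SSL-CERT only from an authenticated NGINX1; otherwise any
    # client that reaches NGINX2 could forge the header.
    ssl_client_certificate /etc/nginx/tls/nginx1-ca.pem;
    ssl_verify_client      on;

    location / {
        proxy_pass https://service11.region-b.internal:443;
        proxy_ssl_server_name on;

        # Forward the header NGINX1 set; $http_x_ssl_cert is the request
        # header X-SSL-CERT as received on this hop.
        proxy_set_header X-SSL-CERT $http_x_ssl_cert;
    }
}
```

Two things to check when testing this: the backend must read the laptop cert from the X-SSL-CERT header (URL-escaped PEM) on both paths, since on the failover path it is never a TLS-level client certificate; and NGINX2 should be reachable only through its own mTLS check (or a network restriction) so that a header claiming a client identity cannot be injected by anything other than NGINX1. proxy_ssl_session_reuse has no effect on this; it only controls TLS session caching toward the upstream.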