reverse proxy with mTLS does not send client certificate to upstream

Andrej van der Zee andrejvanderzee at
Thu Oct 27 11:56:25 UTC 2022


I am trying to setup an TLS auth reverse proxy with proxy_ssl_certificate
and proxy_ssl_certificate_key like below:

http {
  server {
    listen       8080;

    location ~ /mimir/(.*)$ {
      proxy_pass                https://<upstream-domain>/$1;
      proxy_ssl_certificate_key /etc/nginx/tls-auth/mimir/tls.key;
      proxy_ssl_certificate     /etc/nginx/tls-auth/mimir/tls.crt;

Somehow the nginx reverse proxy does not send the configured client
certificate, resulting in the error below from my upstream server:

<head><title>400 No required SSL certificate was sent</title></head>
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>

What am I missing?

Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list