Hi.

I'm trying to host NGINX as a Load-Balancer in front of two instances of Keycloak Auth Server. Each Keycloak Server has a Keystore and Truststore to store the .crt and .key files.
First Keycloak instance runs on ports 8080 and 8443 (HTTPS port) and the second runs on ports 8180 and 8543 (HTTPS port). My requirement is to simply host NGINX as a load-balancer to proxy all SSL certificates (client certificates) sent in the request by the client to the Upstream (Keycloak Server Instances). I don't want NGINX to terminate SSL/TLS but to simply proxy/forward the certificates to the Keycloak Instances.
I have attached the docker-compose.yml and nginx.conf file for reference. Support on this would be of great help to me. Thanks in advance!

Regards,
Prashanth

Additionally, this is the modified nginx.conf file for reference. Any support or assistance would be of great help.



upstream keycloak_backend {

server kc1:8443;
server kc2:8443;

}

server {

listen 443 default ssl;
server_name localhost;
access_log /tmp/nginx_reverse_access.log;
error_log /tmp/nginx_reverse_error.log;
root /usr/local/nginx/html;
index index.html;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_certificate /etc/nginx/ssl/localhost.crt;
ssl_certificate_key /etc/nginx/ssl/localhost.key;
ssl_verify_client off;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass https://keycloak_backend;

proxy_ssl_session_reuse off;
proxy_ssl_server_name on;

}
}



Cheers,
Prashanth