nginx
15 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
server {
listen 443 ssl;
server_name internal-api.example.com;
ssl_certificate /etc/nginx/tls/server.crt;
ssl_certificate_key /etc/nginx/tls/server.key;
ssl_client_certificate /etc/nginx/tls/ca.crt;
ssl_verify_client on;
location / {
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_pass http://api_upstream;
}
}
1 file · nginx
Explain with highlit
mTLS is one of the cleanest ways to tighten internal service trust when you control both sides of the connection. I use it for sensitive east-west traffic where bearer credentials alone are too weak. Certificate lifecycle and revocation planning matter just as much as the TLS flags themselves.
Share this code
Here's the card — post it anywhere.