I have a REST API server application that authenticates users exclusively via X.509 authentication implemented with Spring Security, using the Common Name (CN) from the client certificate directly as the username. The application works perfectly when accessed directly. However, how should I configure Nginx if I want to access it indirectly through Nginx?
All the approaches I've seen involve performing mutual TLS (mTLS) authentication in Nginx first and then passing the CN to the backend server—but that would require me to modify my application's authentication logic, which I'd prefer not to do.
Is there really no other way? I also can't use TCP-level stream forwarding, because this Nginx instance is already serving other web applications on port 443, and I don’t want to open an additional port.
Additionally, I'm using WebFlux.
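
The arrangement described in the question's second paragraph, with Nginx verifying the client certificate and forwarding the CN to the backend, looks like this on the Nginx side. This is an added example, not part of the original post; the server name, file paths, header names and backend address are assumptions.

```nginx
# Added example. Goes in the http{} context.
# Assumed names: api.example.internal, /etc/nginx/tls/*, X-Client-CN,
# X-Client-Cert, backend on 127.0.0.1:8080.

# Pull the CN out of the verified subject DN (RFC 2253 form, comma separated).
# Limitation: a CN containing an escaped comma is cut at that comma.
map $ssl_client_s_dn $client_cn {
    default "";
    ~(?:^|,)CN=(?<cn>[^,]+) $cn;
}

server {
    listen 443 ssl;
    server_name api.example.internal;

    ssl_certificate     /etc/nginx/tls/api.crt;
    ssl_certificate_key /etc/nginx/tls/api.key;

    # Only certificates chaining to this CA are accepted; "on" rejects
    # requests that present no certificate or one that fails verification.
    ssl_client_certificate /etc/nginx/tls/client-ca.pem;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    location / {
        # proxy_set_header replaces any same-named header sent by the client,
        # so the backend only ever sees the value Nginx derived from the
        # verified certificate.
        proxy_set_header X-Client-CN   $client_cn;
        # URL-encoded PEM, for a backend that wants to re-parse the certificate.
        proxy_set_header X-Client-Cert $ssl_client_escaped_cert;
        proxy_set_header Host          $host;

        # The backend listens on loopback only, so the identity headers
        # cannot be supplied by anything other than this proxy.
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The backend has to read the identity from the forwarded header instead of the TLS session, which is the application change the question refers to.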