souzens opened a new issue #4108: URL: https://github.com/apache/apisix/issues/4108
### Issue description We have a problem, there is a certification auth service needs to be a two-way client certificate verification, the traditional approach is to provide a certificate issued by the application itself and provide HTTPS service, but as the upstream, the certificate validation https request is currently unity process by apisix , and then pass the request transparently to the upstream service. The problem caused by this the certificate on APISIX and the certificate issued by the auth authentication service may not be the same set of certificates, and it is not suitable to put the certificate on apisix for management. The method I thought of: One is to transfer the request directly to the upstream service through apisix's tcp transparent transmission The second is that instead of using apisix, use slb to forward tcp requests to upstream services Can APISIX pass the request directly to the back end without verifying the certificate? Is there a better way? ### Environment * apisix version (cmd: `apisix version`): 2.4 * OS (cmd: `uname -a`): k8s * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): * etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): 3.4.9 * apisix-dashboard version, if have: 2.5 * luarocks version, if the issue is about installation (cmd: `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
