Can I use Nginx as a reverse proxy for Kong?

[tmdonalds]

I am using certificate authentication with OpenIDC Keycloak. I would like to have nginx as a reverse proxy to kong. The reason for this is so that I could do something like the following.

 # Enable client certificate authentication
 nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
 # Create the secret containing the trusted ca certificates
 nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
 # Specify the verification depth in the client certificates chain
 nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
 # Specify an error page to be redirected to verification errors
 nginx.ingress.kubernetes.io/auth-tls-error-page: "http://www.mysite.com/error-cert.html"
 # Specify if certificates are passed to upstream server
 nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"

I can not find a way to do something similar in kong. So I would like to have nginx sit in front of kong and then route all request from nginx to kong after being authenticated by keycloak. Is this possible?

[fffonion]

Hi @tmdonalds, if I understand correctly, you are trying to configure Kong to accept requests that are authenticated by
client certificates. That feature is in Enterprise offering as [mtls auth plugin](https://docs.konghq.com/hub/kong-inc/mtls-auth/l;
without the plugin, you an still inject nginx directvies (http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client)
to do the similar feature, just that all Routes in Kong are expected to be authenticated by the same client cert auth.

[tmdonalds]

Thank you so much. This is exactly what I needed.