I've been using Traefik for automated HTTPS on a Kubernetes cluster and it has been working great! Now, I actually want to disable the termination at the Traefik level and just let my backend handle HTTPS as well as client certificate authentication.

Currently, this is my setup:

Config.toml

    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      compress = true
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
      compress = true
        [entryPoints.https.tls]
          [[entryPoints.https.tls.certificates]]
          CertFile = "/ssl/tls.crt"
          KeyFile = "/ssl/tls.key"

And this is my ingress on Kubernetes:

    apiVersion: v1
    kind: Service
    metadata:
      name: backend-svc
    spec:
      ports:
      - port: 80
        targetPort: 80
      selector:
        app: backend
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: backend-ingress
      annotations:
        kubernetes.io/ingress.class: traefik
    spec:
      tls:
      - secretName: tls-cert
      rules:
      - host: somewhere.com
        http:
          paths:
          - backend:
              serviceName: backend-svc
              servicePort: 80

This has served me well for the past three months, but with this configuration my backend fails to locate the client certificate in the incoming requests.

Normally, I'd redirect from port 80 to 443 upgrade. Now, when I try to do the ingress directly to 443, it gives an Internal Server Error. And when I try to add this to the ingress annotations:

    traefik.frontend.passTLSCert: true # Gives 404 Error.
    traefik.frontend.passTLSCert: "true" # Gives Bad Gateway Error

Any help at all is highly appreciated.
Thank you.