Internal CA - Single point of failure?

Your in-principle acknowledgement that the approach is feasible and could possibly work gives me the confidence to move to a proof-of-concept. It’s been a long, but interesting journey to get to this point.

@Rob789’s wiki article Use Caddy for local HTTPS (TLS) between front-end reverse proxy and LAN hosts was really the catalyst for me to take a closer look at mTLS.

My personal journey with mTLS started on May 4 with mTLS under FreeBSD. The first big hurdle was the seemingly insurmountable system trust store issue for FreeBSD. Next were issues around the stability of mTLS in mTLS: tls internal error, which surprisingly appear to have recently been resolved indirectly through changes in Caddyfile design arising from Load balancing queries. The icing on the cake for me though was a solution yesterday for WordPress and mTLS. After weeks of unsuccessfully trying different things to get this to work, I still can’t believe an elegant solution was dropped on my lap yesterday.

There’s been plenty of frustration along the way. All the mTLS hurdles I faced now appear to have melted away. I could not have done it without your help @francislavoie. I’m ever so grateful and feel privileged to have had you on this drawn-out journey with me. It’s taken over two months and I’ve come out the other end battered, but confident about taking mTLS off the drawing board and moving it into production.

2 Likes