nginx – Pass client certificate through proxy to the backend service

first of all, I searched through everything related to my question on this site, and still I dont have clarity on this issue…

as it can be seen in this image I have two services that need to communicate with each other, here are some details:

  • service1 calls service2
  • service2 requests client cert
  • i need to have proxy between these two (because of law compliance in certain country)
  • service2 and proxy have different dns names and need to have proper domain certs

What I have tried up until now:

  • nginx http reverse proxy – this will not do since it works on layer 7 (recreates the connection); i did not figure out the way to pass the client cert (few solutions found on this site did not work for me)
  • nginx tcp load balancer (works on layer 4) – might work, but I did not come to a config that works for me

Bottom line question if it is even possible to for my best case scenario to work?
Which is to configure it to pass client cert from service1 to service2 without any TLS termination on the proxy (except domain cert).