[caddy2] how to use certificate to reverse proxy upstream https

i use caddy2 to reverse proxy upstream site, The specific request process goes like this 1, user sends an HTTPS request to the Caddy server using the browser 2, when caddy get the request from step 1, sends HTTPS request to the upstream site

i download the upstream site https certificate to my disk , add the certificate path in the following two configurations in caddy.json:

apps/http/servers/routes/handle/reverse_proxy/transport/http/tls/client_certificate_file apps/http/servers/routes/handle/reverse_proxy/transport/http/tls/client_certificate_key_file

before i run caddy, i do: 1, i configure aa.xxxx.cn point to my server on dynamic DNS provider 2, i configure aa.xxxx.cn point to upstream ip in my /etc/hosts

this ensures that the match host and upstreams deal use the same host can works fine

caddy: v2.1.1 os: ubuntu

here is my caddy.json, `{ "apps": { "http": { "servers": { "test1": { "listen": [":80",":443"], "routes": [ { "match": [ { "host": [ "aa.xxxx.cn" ] } ], "handle": [ { "handler": "reverse_proxy", "transport": { "protocol": "http", "tls": { "client_certificate_file":"/home/xxx/applications/caddy/aa.xxxx.cn/aa.xxxx.cn.crt", "client_certificate_key_file":"/home/xxx/applications/caddy/aa.xxxx.cn/aa.xxxx.cn.key" } }, "upstreams": [ { "dial": "aa.xxxx.cn:443" } ] } ] } ] }

}
}

} }`

when i configure like this,it works!

but when i delete the tls/client_certificate_file and tls/client_certificate_key_file configurations,it not works!

This is not a normal request way,because in https request,there is no need to save the server's certificate in advance, just when client send https request to server,server send it's certificate to client ,client verify the certificate,if ok ,client and server can communicate normally

Is there a problem with the way I'm using Caddy???

caddyserver / caddy

[caddy2] how to use certificate to reverse proxy upstream https #3547