diff --git a/nginx/nginx_https_2/README.md b/nginx/nginx_https_2/README.md
new file mode 100644
index 00000000..f29b081b
--- /dev/null
+++ b/nginx/nginx_https_2/README.md
@@ -0,0 +1,5 @@
+# Nginx with App
+
+Nginx serves as a proxy, and terminates the ssl from client.
+
+Nginx1 (mutual tls) --> Nginx2 (ssl terminate) --> app
\ No newline at end of file
diff --git a/nginx/nginx_https_2/docker-compose.yml b/nginx/nginx_https_2/docker-compose.yml
new file mode 100644
index 00000000..017b89f3
--- /dev/null
+++ b/nginx/nginx_https_2/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3'
+services:
+  nginx1:
+    image: nginx:1.20
+    container_name: nginx1
+    volumes:
+      - ./nginx1.conf:/etc/nginx/nginx.conf
+      - ./ssl:/etc/nginx/ssl
+    ports:
+      - 80:80
+      - 443:443
+
+  nginx2:
+    image: nginx:1.20
+    container_name: nginx2
+    volumes:
+      - ./nginx2.conf:/etc/nginx/nginx.conf
+      - ./ssl:/etc/nginx/ssl
+    ports:
+      - 8080:80
+      - 8443:443
+  app:
+    image: python:3.7
+    container_name: app
+    expose:
+      - "80"
+    command: python3 -m http.server 80
diff --git a/nginx/nginx_https_2/nginx1.conf b/nginx/nginx_https_2/nginx1.conf
new file mode 100644
index 00000000..f6d7f5db
--- /dev/null
+++ b/nginx/nginx_https_2/nginx1.conf
@@ -0,0 +1,60 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    #include /etc/nginx/conf.d/*.conf;
+
+    upstream nginx2 {
+		server nginx2:443;
+	}
+
+    upstream app {
+		server app:80;
+	}
+	server {
+		listen 80;
+		location / {
+			proxy_pass http://app;
+		}
+	}
+
+	server {
+		listen 443 ssl;
+
+		ssl_trusted_certificate  /etc/nginx/ssl/server1.crt;
+		ssl_certificate          /etc/nginx/ssl/server1.crt;
+		ssl_certificate_key      /etc/nginx/ssl/server1.key;
+		location / {
+			proxy_pass https://nginx2;
+			proxy_ssl_certificate  /etc/nginx/ssl/server1.crt;
+			proxy_ssl_certificate_key   /etc/nginx/ssl/server1.key;
+			#proxy_set_header Host $host;
+			#proxy_set_header X-Real-IP $remote_addr;
+			#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+			#proxy_set_header X-Forwarded-Proto $scheme;
+		}
+	}
+}
\ No newline at end of file
diff --git a/nginx/nginx_https_2/nginx2.conf b/nginx/nginx_https_2/nginx2.conf
new file mode 100644
index 00000000..bcf36bc5
--- /dev/null
+++ b/nginx/nginx_https_2/nginx2.conf
@@ -0,0 +1,58 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    #include /etc/nginx/conf.d/*.conf;
+
+    upstream backend {
+		server app:80;
+	}
+
+	server {
+		listen 80;
+		location / {
+			proxy_pass http://backend;
+		}
+	}
+
+	server {
+		listen 443 ssl;
+		ssl_client_certificate   /etc/nginx/ssl/server1.crt;
+		ssl_verify_client      on;
+
+		ssl_trusted_certificate  /etc/nginx/ssl/server2.crt;
+		ssl_certificate          /etc/nginx/ssl/server2.crt;
+		ssl_certificate_key      /etc/nginx/ssl/server2.key;
+
+		location / {
+			proxy_pass http://backend;
+			proxy_set_header Host $host;
+			proxy_set_header X-Real-IP $remote_addr;
+			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header X-Forwarded-Proto $scheme;
+		}
+	}
+}
\ No newline at end of file
diff --git a/nginx/nginx_https_2/ssl/gen_certs.sh b/nginx/nginx_https_2/ssl/gen_certs.sh
new file mode 100644
index 00000000..2d0aac30
--- /dev/null
+++ b/nginx/nginx_https_2/ssl/gen_certs.sh
@@ -0,0 +1,9 @@
+openssl req \
+	-x509 \
+	-nodes \
+	-days 3650 \
+	-newkey rsa:2048 \
+	-keyout /root/server2.key \
+	-out /root/server2.crt
+
+# Enter "*.net" (without quotes) as "Common Name"
diff --git a/nginx/nginx_https_2/ssl/server1.crt b/nginx/nginx_https_2/ssl/server1.crt
new file mode 100644
index 00000000..93008b98
--- /dev/null
+++ b/nginx/nginx_https_2/ssl/server1.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIURFu7iX8+iLUXefTUMhV5HkviJJ8wDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD
+VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLmNvbTAeFw0yMjAyMDIyMzU0
+MjFaFw0zMjAxMzEyMzU0MjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK
+MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRVhWlCMpKJAaWVI+U
+aOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUdqt1E
+gGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubqnqSX
+DC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5ndg5+L
+OnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe89vN
+Cm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+Ojuh
+3n2NAgMBAAGjUzBRMB0GA1UdDgQWBBQkfe744BxH3XaZlWvXq54YFmp9MDAfBgNV
+HSMEGDAWgBQkfe744BxH3XaZlWvXq54YFmp9MDAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCuH6jvESJQAzBGnKTHNlLmaX5OWJ2tFx78mRkLgbPC
+kL1uTwH7aQfga+TjnEPT5rSftnATaR0k8vxLSIT3KEpHrFZ4hHr1UwqikJGkmAYa
+TlFXLvX8eX8bo6NxECHz7OBOGzvUxBY9tm7NdojHk7XfOY5gJSbnpFQxNcdpk7jd
+y56nqAI/zhaDoCcrdxpvEBT657+NAaBfCJeH8ivudAQffaAJ9/c68HWHCr+tyQQw
+Vr6s6QMMKAZWJhUNKFVhNZczT+WcpqbQEuab1LJsut4pm72CUayq92vm7+jwiyCP
+TaKrNkcWug74xzzxvZtvtAO8rKRjyI/VZRB8sT6W2ey6
+-----END CERTIFICATE-----
diff --git a/nginx/nginx_https_2/ssl/server1.key b/nginx/nginx_https_2/ssl/server1.key
new file mode 100644
index 00000000..2b40a12f
--- /dev/null
+++ b/nginx/nginx_https_2/ssl/server1.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRVhWlCMpKJAaW
+VI+UaOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUd
+qt1EgGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubq
+nqSXDC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5nd
+g5+LOnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe
+89vNCm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+
+Ojuh3n2NAgMBAAECggEBAKXxh9b70OBVDqO9BNSxD47aSNXR81UBE2ErCa2MwARn
+6ANLF19ZV+vd+dXSgrq/ToyJPIn7saAncEbEXAMhgVZ42MChqB9QX/Alh3UpvLr4
+fdm4xcIDmhE2UwgrO+Qh9mrOaIr+8qJDdOooOHFExxzOhWrzPVoQ8oPTpb3kXHbz
+nB9OiTertbw4YHABx9+7Xg+L3d/4+69khYaG369HonnJMc/4YIsgHhomv7x1fWzg
+LSSIiUyHMnhPss8hWAL0YBIkfB+XwwEJ1tt45QZCr2GVICZ+AzU1j6DnxM4/V8lF
+QWZq2FiwbWvXLo89m4ZrqfhgzxoTK9cuULw37fPv2gECgYEA6aLidpJ6UwvNZRkL
+soOV0UfWKAJoAt5L6Uz6J32rg1jIKSKg5qzk7dp2u24iVriCA8chOnVia90bpbQ5
+gTX3zNlpBedly7rZvZQJnbr82xFBkJfRU5AZ90W+RLWPijAZjp5MYKBEuVbs84Q9
+eFpZT/nz563isJo6In5vSay8KHkCgYEA5V++PWbawXQ4x2+PyglQunFTZy6M/Fha
+QtdGqL87bK6Xo9my/As2NhvH/2HLGgXcXGxq2ppE2E59NOZIsUpcEj9Hvhyb5e5E
+0Rn0kX1Rq417xIVn8zBqgjd8DKQc07ih6JqANNtste0ZIGHQ2xC7xTKNBYTxCXTh
+EVc0n0XM4LUCgYBssu7AEdg9qQEPpz5s+JGMg+qcRLpVk00oJzs/glV4z6aYlNbd
+W9VK4FhbTZtGU6OR1GSeSRzYaE/DoX0bo5s9wGz/ZTBUQAOsEyMCMowP9BBYEHpA
+cYvTIqyqVPqKZWSOmRGZ5xbyUAIALidXRlnFPtp+kMUmOysO/1oRof8MqQKBgQCe
+miltQ6WXhsmL/bQrO226vYmyGxoZku42sayGGlT4vXDVNz7v0MDXgTY1fGV3xP2u
+Wrk4FtvrxboFzgYNsSEg7OiqqBWUU8D55TybLVA/k0E1jhlmqt+60qrQAtp7+3rY
+35wu8FqnIR7yqTBFibiMjnu8iUQyCcNmvioAx7720QKBgQC9pafeUYCRYlz0mYFN
+p4S4GPKO7E2s/UVt/c9PLWMFoSqc07VosuY4JgmYLFsB1lnOL3WvxP3A+8If1NEz
+xJ7bpLcTIxwvabJBDgkcCVHJo3J46ze/gIMppu7J9SuGYc0Yr4gcZcF9jiPxdFxE
+3WTHcQzWfnv1cSEfzWLHk2zAbg==
+-----END PRIVATE KEY-----
diff --git a/nginx/nginx_https_2/ssl/server2.crt b/nginx/nginx_https_2/ssl/server2.crt
new file mode 100644
index 00000000..56eab67b
--- /dev/null
+++ b/nginx/nginx_https_2/ssl/server2.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIUB8iDeBEFCI5nB+ZcptyBiK8CSugwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD
+VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLm5ldDAeFw0yMjAyMDMwMDI4
+MzhaFw0zMjAyMDEwMDI4MzhaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK
+MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5u
+ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZfsjmr38jGNBlwXcU
+tLKN3JgK8O8kMO7izg8tnFCag9RdDMmm+Xq+ntpCzzNHVzK+K9m60AML4dnalHU+
+5FJqe++iR3092JxOOlh7D2QYsq59mttlXLPxvwB+Hn7/Bp7l4Y4WlSuQ9ViigLi2
+GwFmu/4rQuHEpm3PeaLRrZObnmDmwWdYE4Y1XMwWy7PfQp+6Hl/Eq9ZuhU+c0gzo
+hlenmBSAfZK0ctYbAP/zGUqbBup+wuhZOyx2gEGnCDgKg9POjSqXIb+dqcOjvaJo
+5CWjuSodiX1bjeUYR4uC+wxY/k38EzcVlbGB8f/UFNwmYg2tY/bB54toj5mNc/f6
+KiNDAgMBAAGjUzBRMB0GA1UdDgQWBBQO64TaLjr1mC9yuIQVnIp3+xvPHTAfBgNV
+HSMEGDAWgBQO64TaLjr1mC9yuIQVnIp3+xvPHTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQB6ybZzfFMWG2CNZBvvlSi2RoIOoQ7Ra9QD8aC6py5j
+zJi3RVV/NxJz7ODdE3Y8uOo8Gi7owQCFBrKXESKTsoT+uoD1mV7sWqXTkjgVNbMJ
+lbOpTdZisWG4/6BLVKIYf1TnEv5uWzr9k/2VP86LLZra/T0fntE6qFfBISXBicTt
+uePPO3v2EW4u19hqdXgZz5UxpCJoAGV2H+HGknvhqzoiEy6IWGfda7QU0vyvrjiU
+SPlz9mlSbWIBlP34aay37OET9yD0jqakg7r7Uvc2daBa4vkaZyNn4IIuw13rr2fV
+6oUX5Y2bioaF+2BwVzz5A0O9qShuzTbFiqgRLcQyPadr
+-----END CERTIFICATE-----
diff --git a/nginx/nginx_https_2/ssl/server2.key b/nginx/nginx_https_2/ssl/server2.key
new file mode 100644
index 00000000..1bed92b2
--- /dev/null
+++ b/nginx/nginx_https_2/ssl/server2.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZfsjmr38jGNBl
+wXcUtLKN3JgK8O8kMO7izg8tnFCag9RdDMmm+Xq+ntpCzzNHVzK+K9m60AML4dna
+lHU+5FJqe++iR3092JxOOlh7D2QYsq59mttlXLPxvwB+Hn7/Bp7l4Y4WlSuQ9Vii
+gLi2GwFmu/4rQuHEpm3PeaLRrZObnmDmwWdYE4Y1XMwWy7PfQp+6Hl/Eq9ZuhU+c
+0gzohlenmBSAfZK0ctYbAP/zGUqbBup+wuhZOyx2gEGnCDgKg9POjSqXIb+dqcOj
+vaJo5CWjuSodiX1bjeUYR4uC+wxY/k38EzcVlbGB8f/UFNwmYg2tY/bB54toj5mN
+c/f6KiNDAgMBAAECggEAEq1sm0Le7CipXNOsYj7SRpR3Chl+r+Dz4s5HR2dxFJPV
+nNgISSqLe+swWyRoBuxaEzK40+4hFNgkWTz+hJQe774M6iaxfqonYiBokMjVk7lk
+eqzdwmqfmVcJt8rupP/wjVU9Wnsc7qnjHrFnK1xOVoA2Z4iq0rRoIbUUYmVBk89x
+cFH2bFQWLghry8pOa4lzwLPnD8BFduTNKk8GZWlQIIh+Pbtp24KhM6pau0qHZnyT
+qPb8ZNzt71hWKYHIsqqB6BQm0EizhKg8Aax21cdUP61YAq15IxcaXppmVaNrpCJK
+yDxLLsRY1JygTCZ8jiaA2KDs31k0hAbYNDi3x3q3AQKBgQD65MAcexwfsSQ5RrIK
+8HKFAhmc2qPiXWTyLlDzXrVlaHEv8adVuuq/0mYlRl6EONyUw8Wxk6BtQw4NoCp8
+FWpFE1b5ORqE9uKxNNWXoKPvyg8g4ALvdgqDvxHBT69XE3c43aTiz+snUhgog1MM
+7PNuqiI5ix0DGIZS1rG9ZYSl4wKBgQDd7ARCwNUUizLZlLCTYRTprUykLkqsPFOr
+5Dcycf6Li1wTw1gq1DXQfkywke0NS/gFDr8bqylyxUO88wlNIYf5PB5oekCNMZ1g
+OEz/8gASmQAchpnZYQtpGDhLYZzMZjC074fUCrySJiQ3WS6U+OI0ES+odaaDWBIu
+YBwcXlALIQKBgQD0TxXHZhYPwkX8xBuRTWymmlHojHszbTBkJ7fKFLpcoiQ9xHnm
+oFoBKlcvCuP0qw4Yir6SWafJXZdsqz9TjuLpmpiBnRp2yZYbatBmkxWv5TlwENKq
+7W31tnQKopaiGyFoLWRnPIHGy0kdAiw4FPBDHcav9AfvQM1kEw4G2LkfcwKBgQCK
+12CLCu3E3pm/uuEGM9TLpdqvVS7utwd6IVvPObaRQ20mCC8fDIlmmb4NMh7nFMJl
+F6bE/r79ySDqE/ubwAC8E7rKjsHYFFRroI28C4G0IPkK38NdVvO2mqqNrtJUpxKO
+ANYv+U+k+CvsXOVh2pxbCu2QLZsxzWYCkarErNTTQQKBgFbdLb1GRQvZRblxAUuv
+p75DiebRyCBsY6yXYc03VmsKw7N0+gehqh8pYPeN736GIkQH/4Ufbf8Fswe1Cnms
+fpZfKm/3DovMrMMiA+BWInA+Yhra6c186k/wq0wmhRtUkvbZN70n2FJ3vQ9kbphn
++G/n6zv32ON3qsiZHVqTdvyl
+-----END PRIVATE KEY-----