It would be cool to be able to specify a client cert+key here to say whether a target is healthy, this is in the situation where a client key and cert need to be provided to access the page
eg: a curl that needs to pass both a client key and client cert, as well as the ca in order to achieve an http 200.
curl https://upstream/health --cacert ca.crt --cert client.crt --key client.key
Since 1.4 we’ve been able to pass a client.crt and client.key via http directives to get the proxy part of it working, maybe these same env vars could be used for healthchecks if ssl_verify is enabled?
Healthchecks at the moment are a little dumbed down for this situation, either check tcp port, or ignore ssl verification and treat 400s as healthy. It may still show healthy even if a cert has expired for example.