NGINX Plus supports client certificate authentication offloading. And if nginx can route by SNI to split requests to port 443 from the client, the above topic will be solved.
https://www.nginx.com/blog/nginx-plus-iot-security-encrypt-authenticate-mqtt/
I’m asking to help the caddy-l4 author to achieve the same thing with caddy-l4 right now.