Hi Scott
Thanks a lot for your discussion here: Using reverse-proxied nginx and subdomain with self-hosted, Dockerized discovery server
Therefore I was able to set up my own discovery server / Apache reverse proxy installation. Unfortunately, I am not able to create my own topic within the ‘howto’ category. Maybe my account is too fresh.
I have an SSL wildcard certificate (*.domain.tld). My Apache webserver has the modules ‘ssl’, ‘headers’, ‘proxy’ and ‘proxy_http’ enabled. The following lines are required within the Apache config:
<VirtualHost x.x.x.x:443>
    ServerName discovery.domain.tld

    # TLS termination with the wildcard certificate
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/cert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/cert.key
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
    SSLProxyEngine On

    # Ask the client for a certificate, without validating it against a CA
    SSLVerifyClient optional_no_ca

    ProxyPass / http://internal.domain.tld:8443/
    ProxyPassReverse / http://internal.domain.tld:8443/

    # Forward the client certificate (PEM) to the discovery server
    RequestHeader set X-SSL-Cert "%{SSL_CLIENT_CERT}s"
</VirtualHost>
The two important steps are the same as in your solution. You have to request the client to present a certificate and you have to forward that certificate within the header to the discovery server.
Hint: It is not necessary to have a wildcard certificate. Without that, you have to work with a deeper link structure: ssl.domain.tld/discovery, and you have to change the two lines with ‘ProxyPass’ and ‘ProxyPassReverse’ accordingly.
At first I downloaded the current Linux binary for the discovery server. That’s missing the ‘-http’ option. I had to download the current source from GitHub and compile it myself.
Cheers Micha
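
An added example (not part of the original post and not the discovery server's own code): how a backend behind this proxy could rebuild the client certificate from the `X-SSL-Cert` header and fingerprint it. It assumes the proxy may deliver the PEM with its line breaks folded to spaces; `certFromHeader`, `fingerprint` and `sampleHeader` are hypothetical names, and the certificate is generated on the spot as constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const pemBegin, pemEnd = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

// certFromHeader rebuilds and parses the client certificate from an X-SSL-Cert value.
func certFromHeader(hdr string) (*x509.Certificate, error) {
	hdr = strings.TrimSpace(hdr)
	if len(hdr) < len(pemBegin)+len(pemEnd) || !strings.HasPrefix(hdr, pemBegin) || !strings.HasSuffix(hdr, pemEnd) {
		return nil, errors.New("X-SSL-Cert: not a PEM certificate")
	}
	// Assumption: line breaks may arrive as spaces. Base64 has no whitespace, so re-splitting is lossless.
	b64 := strings.Join(strings.Fields(hdr[len(pemBegin):len(hdr)-len(pemEnd)]), "\n")
	block, _ := pem.Decode([]byte(pemBegin + "\n" + b64 + "\n" + pemEnd + "\n"))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("X-SSL-Cert: malformed PEM")
	}
	return x509.ParseCertificate(block.Bytes)
}

// fingerprint returns the hex SHA-256 of the certificate's DER bytes.
func fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// sampleHeader returns a constructed self-signed cert (DER) and its header form, newlines as spaces.
func sampleHeader() ([]byte, string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	p := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return der, strings.ReplaceAll(strings.TrimSpace(string(p)), "\n", " ")
}

func main() {
	_, hdr := sampleHeader()
	if cert, err := certFromHeader(hdr); err == nil {
		fmt.Println("client cert SHA-256:", fingerprint(cert))
	}
}
```

Because `optional_no_ca` accepts any certificate and the backend believes whatever the header says, the backend port should accept connections only from the proxy.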