From 6b6466cdbe839010ed70e9fb3f702e5481af8eaf Mon Sep 17 00:00:00 2001
From: Nobody84 <topmailcat@googlemail.com>
Date: Wed, 14 Nov 2018 11:19:37 +0100
Subject: [PATCH] Added support for Client-Side Certificate Authentication

---
 nginx.tmpl | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index d861050..c4297b2 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -256,6 +256,15 @@ server {
 	ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
 	{{ end }}
 
+        {{ if (exists (printf "/etc/nginx/ca/%s.crt" $host)) }}
+        ssl_client_certificate {{ (printf "/etc/nginx/ca/%s.crt" $host) }};
+        ssl_verify_client on;
+        {{ end }}
+
+        {{ if (exists (printf "/etc/nginx/ca/%s.crl" $host)) }}
+        ssl_crl {{ (printf "/etc/nginx/ca/%s.crl" $host) }};
+        {{ end }}
+	
 	{{ if (exists (printf "/etc/nginx/certs/%s.chain.pem" $cert)) }}
 	ssl_stapling on;
 	ssl_stapling_verify on;