diff --git a/nginx.tmpl b/nginx.tmpl index d371dc5..93fe67e 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -70,6 +70,9 @@ upstream {{ $host }} { {{/* Get the first cert name defined by containers w/ the same vhost */}} {{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }} +{{ $clientCAName := (first (groupByKeys $containers "Env.CLIENT_CA_NAME")) }} + +{{ $locationOptions := (split (trimSuffix "]" (trimPrefix "[" (first (groupByKeys $containers "Env.SSL_LOCATION_OPTIONS")))) ",") }} {{/* Get the first SSL_VERIFY_CLIENT defined by containers w/ the same vhost */}} {{ $sslVerifyClient := (first (groupByKeys $containers "Env.SSL_VERIFY_CLIENT")) }} @@ -107,14 +110,14 @@ server { {{ if $sslVerifyClient }} ssl_verify_client {{ (printf "%s" $sslVerifyClient) }}; - ssl_client_certificate /etc/nginx/certs/{{ (printf "%s.cacert.pem" $cert) }}; + ssl_client_certificate /etc/nginx/certs/{{ (printf "%s" $clientCAName) }}; {{ end }} add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { - {{ if $sslVerifyClient }} - proxy_set_header Subject-Name $ssl_client_s_dn; + {{ range $option := $locationOptions }} + {{ (trimSuffix "'" (trimPrefix "'" (printf "%s" $option))) }}; {{ end }} proxy_pass http://{{ $host }}; } @@ -125,7 +128,10 @@ server { server_name {{ $host }}; location / { - proxy_pass http://{{ $host }}; + {{ range $option := $locationOptions }} + {{ (trimSuffix "'" (trimPrefix "'" (printf "%s" $option))) }}; + {{ end }} + proxy_pass http://{{ $host }}; } }
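Review bot: `$locationOptions` is never an empty list as written. When no container sets `SSL_LOCATION_OPTIONS`, splitting the empty value on `,` still yields one empty element, so the `range` loops added in the two later hunks would emit a bare `;` inside `location /`, which nginx should reject; this assumes the template renders at all, since `trimPrefix` may fail on the missing value first. Keep the raw value in its own variable, `{{ $rawLocationOptions := (first (groupByKeys $containers "Env.SSL_LOCATION_OPTIONS")) }}`, and do the trim/split and both loops only inside `{{ if $rawLocationOptions }}`. Splitting on `,` also breaks any directive whose arguments contain a comma. The two new variables lack the `{{/* ... */}}` comment that the neighbouring definitions carry.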
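Review bot: `ssl_client_certificate` now depends entirely on `CLIENT_CA_NAME`, so a vhost that sets `SSL_VERIFY_CLIENT` without it gets a path that stops at the certs directory, and the previous `<cert>.cacert.pem` default is gone. A fallback keeps existing deployments working and fails on a known file name: `ssl_client_certificate /etc/nginx/certs/{{ or $clientCAName (printf "%s.cacert.pem" $cert) }};`. The value is also placed in the path unchecked, so a name containing `/` or `..` would resolve outside `/etc/nginx/certs`. In the same hunk the automatic `proxy_set_header Subject-Name $ssl_client_s_dn;` is removed; unless the operator re-adds it through the options list, a `Subject-Name` header sent by the client reaches the upstream unchanged, which matters if the backend treats that header as the verified identity. The server block starts and ends outside the hunk.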
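Review bot: Each element of `SSL_LOCATION_OPTIONS` is written into `location /` verbatim, here and in the HTTPS block of the previous hunk, so whoever can set that environment variable on a container decides what nginx directives end up in the shared proxy configuration. If the containers behind this proxy are not all equally trusted, restrict the accepted directives to a known set, or at least record the assumption in the template: `{{/* SSL_LOCATION_OPTIONS is emitted verbatim; set it only on containers trusted to write nginx config */}}`. Options named for SSL are also applied to this plain-HTTP server, where variables such as `$ssl_client_s_dn` are empty, so the name and the scope disagree.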