require client certificate for incoming connections on backend servers

roles/nginx/server/templates/nginx.conf.j2

@@ -31,6 +31,9 @@ http {
         ssl_trusted_certificate /etc/pki/tls/certs/ca.crt;
         ssl_certificate_key /etc/pki/tls/private/{{ inventory_hostname }}.key;
 
+        ssl_client_certificate /etc/pki/tls/certs/ca.crt;
+        ssl_verify_client on;
+
         root /srv/web/{{ inventory_hostname }};
 
         include /etc/nginx/conf.d/{{ inventory_hostname }}/*.conf;