From 92ec72b29b4fac88eecb396c3890df34d9aceff6 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 24 Jul 2025 18:32:20 +0000
Subject: [PATCH] nginx_site: Add support for verify client option

---
 roles/nginx_site/templates/site.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/nginx_site/templates/site.conf.j2 b/roles/nginx_site/templates/site.conf.j2
index 386f023..774a823 100644
--- a/roles/nginx_site/templates/site.conf.j2
+++ b/roles/nginx_site/templates/site.conf.j2
@@ -29,6 +29,11 @@ server {
     ssl_certificate {{ tls_certs }}/{{ nginx_site_name }}-fullchain.crt;
     ssl_certificate_key {{ tls_private }}/{{ nginx_site_name }}.key;
 
+{% if nginx_site_verify_client is defined and nginx_site_verify_client %}
+    ssl_client_certificate {{ tls_certs }}/ca.crt;
+    ssl_verify_client on;
+
+{% endif %}
 {% if nginx_site_port is defined %}
 {%   include "./{}:{}.conf.j2".format(nginx_site_name, nginx_site_port) ignore missing %}
 {% else %}