server {
    listen                  443 ssl;

    ssl_certificate         /etc/nginx/certs/server.crt;
    ssl_certificate_key     /etc/nginx/certs/server.key;
    ssl_client_certificate  /etc/nginx/certs/ca.crt;
    ssl_verify_client       on;

    location / {
      if ($ssl_client_verify != SUCCESS) {
        return 403;
      }
      root   /usr/share/nginx/html;
      index  index.html index.htm;
    }
}