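# HTTPS reverse proxy for offsite-ejbca.mracs.dev in front of a backend on
# localhost:7563 (presumably EJBCA, going by the server name).
# NOTE(review): no ssl_certificate / ssl_certificate_key appear in this block;
# presumably they are inherited from the http context or an include. Confirm.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name offsite-ejbca.mracs.dev;

    location / {
        # Only this one source address reaches the backend; all others get 403.
        allow 63.141.252.133;
        deny all;

        proxy_pass https://localhost:7563;

        # Both values below are copied from *request headers* (X-Client-Cert and
        # X-Client-Verify). They are not produced by TLS client verification in
        # this server: no ssl_verify_client is configured here. The backend's
        # trust in them therefore rests entirely on the allow/deny rule above.
        # NOTE(review): presumably 63.141.252.133 is an upstream proxy that
        # verifies the client certificate and always overwrites these headers
        # itself. Confirm, and keep the allowlist as narrow as it is now.
        proxy_set_header X-SSL-CERT $http_x_client_cert;
        proxy_set_header X-Client-Verify $http_x_client_verify;
    }

    # Debug endpoint: echoes the certificate-related request headers as plain text.
    # NOTE(review): it prints the incoming X-SSL-CERT header, while "location /"
    # forwards the incoming X-Client-Cert header, so the header that is actually
    # proxied is not shown here. Confirm which name the upstream sends.
    location /test-headers {
        # "return" runs in the rewrite phase, before the access phase, so
        # allow/deny in this location would never be evaluated. The source
        # check is done with a rewrite-phase "if" so that it takes effect.
        if ($remote_addr != 63.141.252.133) {
            return 403;
        }

        # Set the body type with default_type. add_header would append a second
        # Content-Type next to the one nginx already emits for "return".
        default_type text/plain;
        return 200 "X-SSL-CERT: $http_x_ssl_cert\nX-Client-Verify: $http_x_client_verify\nX-Client-DN: $http_x_client_dn\nX-Client-Serial: $http_x_client_serial\n";
    }
}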