With a bit of a workaround it is possible to do this. For whatever reason you're very limited in what you can add to the Edit Proxy Host >> Advance >> Custom Nginx Configuration section. However, you can put include. I wanted to authenticate with my smart card so I added two read only binds to the docker-compose stack:

      - /docker/proxy/DoD_CAs.pem:/etc/ssl/certs/DoD_CAs.pem:ro
      - /docker/proxy/cac_auth.conf:/etc/nginx/conf.d/include/cac_auth.conf:ro

Inside the custom nginx configuration section I added include conf.d/include/cac_auth.conf;

You should be able to add any custom nginx config using this method that would otherwise be unsupported in NPM. Here's what is inside my cac_auth.conf.

ssl_client_certificate /etc/ssl/certs/DoD_CAs.pem;
ssl_verify_client on;
if ($ssl_client_s_dn !~ "CN=YOURCERTCOMMONNAMEHERE") {
  return 403;
}

Thanks for the tip!
Native support would be awesome tho :)

Tried @dmwilson1990 recommendation :

Command failed: /usr/sbin/nginx -t -g "error_log off;" nginx: [emerg] invalid condition "!~" in /etc/nginx/conf.d/include/client_cert.conf:3 nginx: configuration file /etc/nginx/nginx.conf test failed

That's the file content :

ssl_client_certificate /data/custom_ssl/tynsoe_ca.pem;
ssl_verify_client on;
if ($ssl_client_s_dn !~ "CN=yann") {
  return 403;
}

EDIT: It might have been that I didn't have Safari sending the certificate, because I didn't have it in my keychain yet. I removed the block totally though, as I'm assuming it'll trust any CA generated certificate in that case

Issue is now considered stale. If you want to keep it open, please comment 👍