I want to deploy a mTLS based on cf, I don't know how to arrange it.

My website application is currently running on nginx with the origin server’s certificate deployed, and SSL/TLS full (strict) mode enabled in the SSL/TLS Overview. However, I now want to enable mTLS to encrypt my API and prevent unauthorized use. My backend is written in Node.js, and the frontend uses vue axios to make API requests. The server exposes port 3001 to nginx for reverse proxying to port 443 bound to a domain with HTTPS enabled. What steps do I need to take to enable mTLS? This is my first time using this feature, and I’m not familiar with the process, so I’d appreciate specific instructions and settings. Thank you.