server {
    listen 80;
    listen [::]:80 ;
    listen 443 default_server ssl;
    listen [::]:443 ssl ;
    # chantge server_name while generating cert
    server_name <SERVER_NAME>;

    # force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
    
    ssl_certificate /etc/nginx/ssl/live/<SERVER_NAME>/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/<SERVER_NAME>/privkey.pem;

    #access_log  /var/log/nginx/host.access.log  main;
    location / {
        include  /etc/nginx/mime.types;
        root   /opt/nocohub/nginx/data/<SERVER_NAME>/;
        index  index.html index.htm;
        auth_basic "Restricted Access";
        auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd;        
    }

    location /proxy {
        proxy_pass http://nocohub-001:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        auth_basic "Restricted Access";
        auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd;       
    }    

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
       deny  all;
    }
}