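# Catch-all server block. The original heading read "Redirect http www to https
# no-www", but no return/rewrite directive is configured here: the block only
# sets the server name and turns access logging off.
server {
    server_name _;
    access_log off;
}

# Plain-HTTP server block. The original heading read "Redirect http no-www to
# https no-www", but this block serves /home/maindir behind HTTP Basic auth
# rather than redirecting.
# NOTE(review): Basic auth credentials sent to this listener are not encrypted
# in transit; confirm whether this location belongs on the TLS server instead.
server {
    # listening to port 80
    # "actual-server-ip" is a placeholder kept from the original; replace it
    # with the real address before loading this file.
    listen "actual-server-ip";
    listen [::]:80;
    server_name localhost;
    root /home/maindir;
    index index.php;
    # NOTE(review): access logging is off in every server block of this file,
    # which leaves no request trail for detection or incident response.
    access_log off;
    port_in_redirect off;

    location / {
        # NOTE(review): "allow" with no matching "deny all;" restricts nothing,
        # and under the default "satisfy all" every client must still pass
        # Basic auth. Confirm the intent: localhost only needs "deny all;",
        # localhost-or-password needs "satisfy any;" together with "deny all;".
        allow 127.0.0.1;
        auth_basic "Please enter username";
        auth_basic_user_file /etc/nginx/.passfile1;
    }
}

# TLS front end: terminates HTTPS and forwards every request to the local
# backend on 127.0.0.1:81.
server {
    # listening to port 443 for https requests
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name localhost;
    port_in_redirect off;
    access_log off;

    ssl_certificate /main/ssl/eth0___localhost.pem;
    ssl_certificate_key /main/ssl/eth0___localhost.key;
    # No ssl_stapling / ssl_verify_client directive is visible in this file, so
    # this trust chain is loaded but not used by anything shown here.
    ssl_trusted_certificate /main/ssl/eth0___localhost.ca;
    # TLSv1 and TLSv1.1 were removed: both are deprecated (RFC 8996). Add
    # TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_dhparam /root/dhparams.pem;
    # No ssl_ciphers directive is set, so the server preference applies to the
    # build's default cipher list.
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;

    root /home/maindir;

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    index index.php index.html index.htm;

    location / {
        proxy_pass http://127.0.0.1:81; # to direct requests to varnish
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        # $http_host is the client-supplied Host header and this is the
        # default_server, so any Host value is passed through; the backend
        # should only accept the host names it expects.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header HTTPS "on";
        proxy_read_timeout 90;
        proxy_connect_timeout 90;
        proxy_redirect off;
    }

    # Deny access to .ht* files. The dot is escaped so that only a literal
    # "/.ht" matches; the unescaped form also matched paths such as "/xht...".
    location ~ /\.ht {
        deny all;
    }
}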