server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
aio threads;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
include /etc/nginx/snippets/tlsparams.conf;
tcp_nopush on;
keepalive_timeout 300s;
gzip on;
charset UTF-8;
auth_basic "CG";
auth_basic_user_file /etc/nginx/secrets/cg.htpasswd;
error_page 401 /noauth/auth_required.html;
proxy_set_header Authorization "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx/*.conf;
access_log /var/log/nginx/ tsv_full;
error_log /var/log/nginx/ warn;
