# HTTP server to automatically redirect to HTTPS
server {
	listen 80;
	server_name yourdomain.tld;
	access_log /opt/fidi/logs/access_log;
	error_log /opt/fidi/logs/error_log;
	return 301 https://yourdomain.tld$request_uri;
}

server {
	listen 443 ssl;
	server_name yourdomain.tld;
	ssl_certificate /etc/ssl/http/yourdomain.tld.crt;
	ssl_certificate_key /etc/ssl/http/yourdomain.tld.key;

	access_log /opt/fidi/logs/access_log;
	error_log /opt/fidi/logs/error_log;

	# Add this location block if you want to get a certificate from Let's Encrypt
	location ^~ /.well-known {
		root /opt/fidi/ssl;
	}

	# https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
	auth_basic "Private Access Only!";
	# All login credentials are stored in this file.
	auth_basic_user_file /opt/fidi/.fidiauth;
	satisfy any;
	# Add trusted IPs as desired.
	allow 1.1.1.1;
	allow 2.2.2.2;
	deny all;

	location / {
		# This should point to the `static` directory from the code repository.
		# When pip-installed, that's found under a path like what's seen below.
		root /opt/fidi/.local/lib/python3.6/site-packages/mousikofidi/static;
		try_files $uri @fidi;
	}

	location @fidi {
		include uwsgi_params;
		# This should point to your `socket` value in `uwsgi.ini`, the user
		# running the web server will need read and write access.
		uwsgi_pass unix:/opt/fidi/tmp/mousikofidi.sock;
	}
}