# HTTP server to automatically redirect to HTTPS
server {
listen 80;
server_name yourdomain.tld;
access_log /opt/fidi/logs/access_log;
error_log /opt/fidi/logs/error_log;
return 301 https://yourdomain.tld$request_uri;
}
server {
listen 443 ssl;
server_name yourdomain.tld;
ssl_certificate /etc/ssl/http/yourdomain.tld.crt;
ssl_certificate_key /etc/ssl/http/yourdomain.tld.key;
access_log /opt/fidi/logs/access_log;
error_log /opt/fidi/logs/error_log;
# Add this location block if you want to get a certificate from Let's Encrypt
location ^~ /.well-known {
root /opt/fidi/ssl;
}
# https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
auth_basic "Private Access Only!";
# All login credentials are stored in this file.
auth_basic_user_file /opt/fidi/.fidiauth;
satisfy any;
# Add trusted IPs as desired.
allow 1.1.1.1;
allow 2.2.2.2;
deny all;
location / {
# This should point to the `static` directory from the code repository.
# When pip-installed, that's found under a path like what's seen below.
root /opt/fidi/.local/lib/python3.6/site-packages/mousikofidi/static;
try_files $uri @fidi;
}
location @fidi {
include uwsgi_params;
# This should point to your `socket` value in `uwsgi.ini`, the user
# running the web server will need read and write access.
uwsgi_pass unix:/opt/fidi/tmp/mousikofidi.sock;
}
}