server {
    # Listen on port 80 for standard HTTP traffic
    listen 80;
    
    # Specify the domain name this block should respond to
    server_name SERVER_NAME;

    location .well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        # Redirect all HTTP requests to HTTPS
        return 301 https://$host$request_uri;
    }

}

server {
    listen 443 ssl;
    server_name SERVER_NAME;
    ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;

    root /var/www/html/SERVER_NAME;

    index index.html index.htm;

    location / {
        auth_basic "Restricted Documentation Area";
        auth_basic_user_file /etc/nginx/auth/AUTH_FILE;
        try_files $uri $uri/ =404;
    }
 
    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg)$ {
        # Set cache duration to 30 days
        expires 30d;
        # Disable access logging for these files to reduce disk I/O
        access_log off;
        auth_basic "Restricted Documentation Area";
        auth_basic_user_file /etc/nginx/auth/AUTH_FILE;
    }

}