server {
    listen 80;
    server_name <DOMAIN NAME>;

    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name <DOMAIN NAME>;

    # remove trailing slash

    # css, js…
    location /static {
        alias <PROJECT PATH>/static;
    }

    # letsencrypt
    location '/.well-known/acme-challenge/' {
        default_type "text/plain";
        root         /data/services/web/default/certbot;
    }

    if ($request_uri !~ "^/admin.*") {
        # don't rewrite admin
        rewrite ^/(.*)/$ /$1 permanent;
    }

    location / {
        include               proxy_params;
        proxy_pass            http://unix:<PROJECT PATH>/updatesdashboard.sock;
        proxy_connect_timeout 120s;
        proxy_read_timeout    300s;

        auth_basic           "Restricted";
        auth_basic_user_file <PROJECT PATH>/htpasswd;
    }

    include includes/ssl.conf;
    ssl_certificate     /etc/letsencrypt/live/updatesdashboard.accelance.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/updatesdashboard.accelance.net/privkey.pem;

    error_log  /data/log/web/updatesdashboard-ssl-error.log;
    access_log /data/log/web/updatesdashboard-ssl-access.log;
}