tuxmartin/gist:61a7b9a093a551ff943ab9022d74ec38

## gistfile1.txt
		# cat /etc/nginx/sites-enabled/muj.server.net
server {
		listen 80;
		listen [::]:80;

		index index.html index.htm index.nginx-debian.html;

		server_name muj.server.net;

		location / {
			auth_basic "Restricted Access";
			auth_basic_user_file /etc/nginx/htpasswd.users;

			proxy_pass       http://localhost:8080;
			proxy_set_header Host      $host;
			proxy_set_header X-Real-IP $remote_addr;
		}
}

server {
        listen 443 ssl;
        listen [::]:443 ssl;

        index index.html index.htm index.nginx-debian.html;

        server_name muj.server.net;

		#SSL
		ssl_session_timeout 1d;
		ssl_session_cache shared:SSL:50m;
		ssl_session_tickets off;

		ssl_protocols TLSv1.2;
		ssl_ciphers EECDH+AESGCM:EECDH+AES;
		ssl_ecdh_curve secp384r1;
		ssl_prefer_server_ciphers on;

		ssl_stapling on;
		ssl_stapling_verify on;

		add_header X-Frame-Options DENY;
		add_header X-Content-Type-Options nosniff;

		ssl_certificate		/etc/nginx/ssl/muj.server.net/muj.server.net.cer;
		ssl_certificate_key	/etc/nginx/ssl/muj.server.net/muj.server.net.key;
		ssl_trusted_certificate	/etc/nginx/ssl/muj.server.net/ca.cer;
		#SSL

        location / {
		auth_basic "Restricted Access";
		auth_basic_user_file /etc/nginx/htpasswd.users;

                proxy_pass       http://localhost:8080;
                proxy_set_header Host      $host;
                proxy_set_header X-Real-IP $remote_addr;
        }
}


## gistfile2.txt
htpasswd -c /etc/nginx/htpasswd.users admin
	# cat /etc/nginx/sites-enabled/muj.server.net
	server {
	listen 80;
	listen [::]:80;

	index index.html index.htm index.nginx-debian.html;

	server_name muj.server.net;

	location / {
	auth_basic "Restricted Access";
	auth_basic_user_file /etc/nginx/htpasswd.users;

	proxy_pass http://localhost:8080;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	}
	}

	server {
	listen 443 ssl;
	listen [::]:443 ssl;

	index index.html index.htm index.nginx-debian.html;

	server_name muj.server.net;

	#SSL
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.2;
	ssl_ciphers EECDH+AESGCM:EECDH+AES;
	ssl_ecdh_curve secp384r1;
	ssl_prefer_server_ciphers on;

	ssl_stapling on;
	ssl_stapling_verify on;

	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	ssl_certificate /etc/nginx/ssl/muj.server.net/muj.server.net.cer;
	ssl_certificate_key /etc/nginx/ssl/muj.server.net/muj.server.net.key;
	ssl_trusted_certificate /etc/nginx/ssl/muj.server.net/ca.cer;
	#SSL

	location / {
	auth_basic "Restricted Access";
	auth_basic_user_file /etc/nginx/htpasswd.users;

	proxy_pass http://localhost:8080;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	}
	}