server {
    listen 80;
    listen [::]:80;
    server_name example.mydomain.com;
    return 301 https://example.mydomain.com$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.mydomain.com;
    ssl_certificate /etc/letsencrypt/live/example.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.mydomain.com/privkey.pem;
    
	include /etc/nginx/tls-profile.conf;
	ssl_prefer_server_ciphers   on;
	
	root    "/www/example";
    index    index.html  index.htm  index.cgi  index.php  index.php5 ;
    #error_page 400 401 402 403 404 405 406 407 408 500 501 502 503 504 505 @error_page;
    error_page 400 402 403 404 405 406 407 408 500 501 502 503 504 505 @error_page;
    error_page 401 /errorpages/401.htm;

    location @error_page {
        root /www/error_page;
        rewrite ^ /$status.html break;
    }
    
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    #compression level
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    # files to gzip
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
	
	location / {
		auth_basic 				"Protected";
		auth_basic_user_file 	/www/passwd/.htpasswd;
		try_files $uri $uri/ =404;
	}

	location /errorpages {
		auth_basic          off;
		try_files $uri $uri/ =404;
	}
	location ~ \.css$ {
		auth_basic          off;
		try_files $uri $uri/ =404;
	}
	location ~ \.png$ {
		auth_basic          off;
		try_files $uri $uri/ =404;
	}
	location ~ \.ico$ {
		auth_basic          off;
		try_files $uri $uri/ =404;
	}
	
	location /htadmin {
		auth_basic          off;
		try_files $uri $uri/ =404;
	}
	location /htadmin/config {
		deny all;
        return 404;
	}
	location /htadmin/includes {
		deny all;
        return 404;
	}
	location /htadmin/tools {
		deny all;
        return 404;
	}
	
	location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param HOST "example.mydomain.com";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
	
}