server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name content.libraryofcode.org; ssl_certificate /etc/nginx/ssl/org.chain.crt; ssl_certificate_key /etc/nginx/ssl/org.key.pem; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; root /var/www/content; location / { autoindex on; } location /sec { autoindex on; auth_basic "Secure Area"; auth_basic_user_file /etc/nginx/htpasswd; } }