server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name registryui.zinomedia.de;

    access_log off;
    error_log /var/log/nginx/error.log error;

    root /usr/share/nginx/html/registryui.zinomedia.de/www/htdocs;
    index index.php index.html;

    # SSL Certificate Configuration
    ssl_certificate /etc/letsencrypt/live/registryui.zinomedia.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/registryui.zinomedia.de/privkey.pem;

    include "snippets/ssl-optimizations.conf";

    # Password protect
    auth_basic "Protected Area";
    auth_basic_user_file /usr/share/nginx/html/registryui.zinomedia.de/.htpasswd;

    location / {
        add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src * 'unsafe-inline'; font-src * data:;" always;

        resolver 127.0.0.11;
        set $upstream "http://registryui:80";
        proxy_pass $upstream;

        client_max_body_size 0;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name registryui.zinomedia.de;
    return 301 https://$host$request_uri;
}