server { listen 80; server_name rehook.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name rehook.example.com; ssl_certificate ssl/example.com.crt; ssl_certificate_key ssl/example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd; location / { proxy_pass http://127.0.0.1:9001; } location /h/ { auth_basic "off"; proxy_pass http://127.0.0.1:9000; } }