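# Static file server for /www/data that also reverse-proxies a fixed set of
# paths to the `server` upstream (server:3000).
events {}

http {
    # Compress all MIME types at level 2; bodies under 1000 bytes are skipped.
    # gzip_proxied governs requests that arrived through another proxy.
    # NOTE(review): `gzip_types *` also covers proxied /api/ and /vault/
    # responses. If any of them combine secrets with request-controlled data,
    # compression is a precondition for BREACH-style length side channels.
    # Confirm, or narrow the type list.
    gzip on;
    gzip_types *;
    gzip_comp_level 2;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;

    include mime.types;

    upstream server {
        server server:3000;
    }

    # One-year caching for URIs ending in "-<10 chars of 0-9a-z>.js"
    # (presumably content-hashed bundles; confirm) and for font files.
    # Everything else gets no Expires header.
    map $request_uri $expires {
        default off;
        "~-[0-9a-z]{10}\.js$" 365d;
        "~*(woff|woff2|ttf|eot)$" 365d;
    }

    # CSP value keyed on the outgoing Content-Type: only text/html responses
    # get a policy. For other types the value is empty and add_header emits
    # nothing.
    # NOTE(review): 'unsafe-eval' and style 'unsafe-inline' weaken the policy.
    # Tighten once the front-end no longer needs them.
    map $sent_http_content_type $csp {
        default "";
        "~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
    }

    server {
        listen 80;
        # NOTE(review): autoindex returns a directory listing for any directory
        # under root that has no index file. Confirm this is intended for
        # /www/data; otherwise switch it off.
        autoindex on;
        root /www/data;
        expires $expires;

        # `always` makes nginx attach these headers to error responses too.
        # Without it add_header only applies to 2xx/3xx responses, so 4xx/5xx
        # pages went out without CSP or nosniff.
        add_header Content-Security-Policy $csp always;
        # NOTE(review): browsers ignore HSTS received over plain HTTP. This
        # listener is port 80, so TLS is presumably terminated in front of it.
        # Confirm.
        add_header Strict-Transport-Security 'max-age=604800; includeSubDomains' always;
        add_header Referrer-Policy 'origin-when-cross-origin' always;
        add_header X-Content-Type-Options 'nosniff' always;
        # NOTE(review): X-XSS-Protection is a legacy header. Current guidance
        # is to rely on CSP and send "0" or drop it. Value left as the author
        # set it.
        add_header X-XSS-Protection '1; mode=block' always;

        # Paths handled by the application rather than the static root.
        # NOTE(review): no proxy_set_header is configured, so nginx defaults
        # apply (Host is $proxy_host, no X-Forwarded-* headers). Confirm the
        # application does not need the original host or client address for
        # logging or access decisions.
        location /api/ {
            proxy_pass http://server;
            proxy_redirect off;
        }

        location /vault/ {
            proxy_pass http://server;
            proxy_redirect off;
        }

        location /auditorium/ {
            proxy_pass http://server;
            proxy_redirect off;
        }

        location /script.js {
            proxy_pass http://server;
            proxy_redirect off;
        }

        location /healthz {
            proxy_pass http://server;
            proxy_redirect off;
        }

        error_page 404 /404.html;
        location = /404.html {
            internal;
            root /www/data;
            # An add_header in this block disables inheritance of every
            # server-level add_header, so the security headers are repeated
            # here. Otherwise the 404 page carries only X-Robots-Tag.
            add_header Content-Security-Policy $csp always;
            add_header Strict-Transport-Security 'max-age=604800; includeSubDomains' always;
            add_header Referrer-Policy 'origin-when-cross-origin' always;
            add_header X-Content-Type-Options 'nosniff' always;
            add_header X-XSS-Protection '1; mode=block' always;
            add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
        }
    }
}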