events {
  worker_connections          1024;
}

http {
  include                     mime.types;

  default_type                application/octet-stream;

  sendfile                    on;

  server_tokens               off;

  server {
    listen                    8080;
    server_name               _;
   
    add_header                Content-Security-Policy "default-src 'self' 'unsafe-inline' data:;";
    add_header                Permissions-Policy "geolocation=(), midi=(), camera=(), usb=(), payment=(), vr=(), speaker=(), ambient-light-sensor=(), gyroscope=(), microphone=(), usb=(), interest-cohort=()";
    add_header                Referer "no-referrer"; 
    add_header                Referrer-Policy "no-referrer";
    add_header                Strict-Transport-Security "max-age=63072000" always;
    add_header                Surrogate-Control "public";
    add_header                X-Content-Type-Options "nosniff";
    add_header                X-Frame-Options "DENY";

    client_max_body_size      1;

    location /r/ {
        # Do not log location data
        access_log            off;
        error_log             /dev/null emerg;
        proxy_pass            http://backend:9000/r/;
    }

    location /status {
        proxy_pass            http://backend:9000/status;
    }

    gzip                      on;
    gzip_types                *;
    expires                   1d;

    location = /privacy-policy.html {
        root                  /usr/share/nginx/html;
        try_files             /privacy-policy.html =404;
    }

    location / {
        proxy_pass            http://frontend:80/;
    }
  }
}