server {
    listen       8080;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types
    application/atom+xml
    application/geo+json
    application/javascript
    application/x-javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rdf+xml
    application/rss+xml
    application/xhtml+xml
    application/xml
    font/eot
    font/otf
    font/ttf
    image/svg+xml
    text/css
    text/javascript
    text/plain
    text/xml;
    add_header 'Pragma' 'no-cache';
    add_header 'Cache-Control' 'no-cache, no-store';
    add_header 'Set-Cookie' 'Path=/; HttpOnly; Secure;';
    add_header 'X-Content-Type-Options' 'nosniff';
    add_header 'X-XSS-Protection' '1; mode=block';
    add_header 'X-Frame-Options' 'SAMEORIGIN';
    add_header 'Strict-Transport-Security' "max-age=31536000; includeSubDomains" always;
    add_header 'Content-Security-Policy' "default-src https:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: data:; font-src 'self' https:;media-src 'self' https:;";
    add_header 'Access-Control-Allow-Origin' '*';
    
    # Block access to config.json
    location ~* /config.json {
        return 403;
    }
    
    location / {
        root /usr/share/nginx/html;
        proxy_cookie_path / "/; secure";
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png|woff|woff2|svg|)$ {
        root /usr/share/nginx/html;
        proxy_cookie_path / "/; secure";
        try_files $uri $uri/ /index.html;
        expires 365d;
    }

    location ~* \~ {                      
        return   403;
    }
}