events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    gzip on;
    gzip_types text/css application/javascript;
    gzip_min_length 256;

    server {
        listen 8888;
        
        add_header X-Frame-Options "DENY" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
        add_header Content-Security-Policy "default-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; connect-src 'self' http://127.0.0.1:3001 http://127.0.0.1:9999" always;
        
        location / {
            root /usr/share/nginx/html;
            index index.html;
        }
        
        location /internal/metrics {
            proxy_pass http://127.0.0.1:9999/internal/metrics;
            proxy_set_header Host $host;
            add_header Access-Control-Allow-Origin *;
        }
        
        location /internal/logs {
            proxy_pass http://127.0.0.1:3001;
            proxy_set_header Host $host;
            add_header Access-Control-Allow-Origin *;
        }
    }
}