server {
	error_log /var/log/front/err.log warn;
	access_log /var/log/front/log.log;

    listen 80;

    modsecurity on;

	add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

	location / {
		proxy_pass http://transcendence-webserv:80/;
		proxy_http_version 1.1;
	}

    location /api/v1/user/ {
        proxy_pass http://transcendence-api-user:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
	location /api/v1/user/metrics {
		return 403;
	}

    location /api/v1/auth/ {
        proxy_pass http://transcendence-api-auth:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
	location /api/v1/auth/metrics {
		return 403;
	}
	location /api/v1/auth/login/google/callback {
		modsecurity off;
        proxy_pass http://transcendence-api-auth:3000/;
	}
	location /api/v1/auth/register/google/callback {
		modsecurity off;
        proxy_pass http://transcendence-api-auth:3000/;
	}
}

server {
    listen 8080;
    location /nginx_status {
        stub_status;
    }
}