#------------------------------------------------------------------
# Global Settings
#------------------------------------------------------------------
worker_processes auto;
worker_rlimit_nofile 100000;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    # Basic includes
    include       /opt/bitnami/nginx/conf/mime.types;
    default_type  application/octet-stream;

    # I/O optimizations
    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    keepalive_timeout 65;

    # Caching open file descriptors
    open_file_cache          max=1000 inactive=20s;
    open_file_cache_valid    30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   off;

    # Hide Nginx version
    server_tokens off;

    #------------------------------------------------------------------
    # Gzip Compression
    #------------------------------------------------------------------
    gzip               on;
    gzip_disable       "msie6";
    gzip_vary          on;
    gzip_proxied       any;
    gzip_comp_level    5;
    gzip_buffers       16 8k;
    gzip_http_version  1.1;
    gzip_types
        text/plain
        text/css
        application/json
        application/javascript
        text/xml
        application/xml
        application/xml+rss
        text/javascript;

    # (If your image supports Brotli, you could also enable it here)

    #------------------------------------------------------------------
    # Server Block
    #------------------------------------------------------------------
    server {
        listen       7860;
        listen       [::]:7860;
        server_name  localhost;

        root   /usr/share/nginx/html;
        index  index.html;

        # Security headers
        add_header X-Frame-Options       "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection      "1; mode=block";
        add_header Referrer-Policy       "no-referrer-when-downgrade";
        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        # SPA routing: try file, dir, then fallback to index.html
        location / {
            try_files $uri $uri/ /index.html;
        }

        # Static assets: long cache + no logs
        location ~* \.(?:css|js|json|txt|xml|woff2?|ttf|eot)$ {
            access_log off;
            log_not_found off;
            expires 30d;
            add_header Cache-Control "public, no-transform";
        }

        location ~* \.(?:png|jpe?g|gif|ico|svg)$ {
            access_log off;
            log_not_found off;
            expires 30d;
            add_header Cache-Control "public, no-transform";
        }

        # Fallback 404s to index for client‑side routing
        error_page 404 /index.html;
    }
}