worker_processes 1;

events {
    worker_connections 1024;
}

http {
    server {
        listen       3000;
        listen  [::]:3000;

		# Redirect from non-www to www
		# if ($host ~ ^(?!www\.)(?<domain>.+)$) {
		# 	return  301 $scheme://www.$domain$request_uri;
		# }

		# Redirect from www to non-www
		if ($host ~ ^www\.(?<domain>.+)$) {
			return  301 $scheme://$domain$request_uri;
		}

        server_name _;

        root    /usr/share/nginx/html;
        index   index.html index.htm;
        include /etc/nginx/mime.types;

        gzip on;
        gzip_min_length 1000;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        error_page 404             /404.html;
        error_page 500 502 503 504 /50x.html;

        # Security headers (note: temporaly unvailable "prefetch-src 'self'; ")
        add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src data: 'self' https://img.shields.io; font-src 'self'; connect-src 'self'; base-uri 'self';";
        add_header X-Frame-Options "DENY";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
        add_header Referrer-Policy "no-referrer";
        add_header Permissions-Policy "geolocation=(), microphone=(), interest-cohort=()";
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Download-Options "noopen";

        location / {
            try_files $uri $uri.html $uri/index.html /$uri /$uri/index.html =404;
        }

        # Plausible script
        location /js/script.js {
            # Change this if you use a different variant of the script
            proxy_pass https://plausible.io/js/script.outbound-links.js;
            proxy_set_header Host plausible.io;

            # Tiny, negligible performance improvement. Very optional.
            proxy_buffering on;
        }

        # Plausible script
        location /api/event {
            proxy_pass https://plausible.io/api/event;
            proxy_set_header Host plausible.io;
            proxy_buffering on;
            proxy_http_version 1.1;

            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host  $host;
        }

        # Media: images, icons, video, audio, HTC
        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webp|webm|htc|woff2|woff)$ {
            expires 1y;
            access_log off;
        }

        # CSS and Javascript
        location ~* \.(?:css|js)$ {
            expires 1y;
            access_log off;
        }
    }
}