server {

  listen 80;

  sendfile on;
  default_type application/octet-stream;

  gzip on;
  gzip_http_version 1.1;
  gzip_min_length   1100;
  gzip_vary         on;
  gzip_proxied      expired no-cache no-store private auth;
  gzip_types        application/x-font-woff image/x-icon image/bmp text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  gzip_comp_level   9;

  root /usr/share/nginx/html;

  #Let's hide this bad boy's server info
  server_tokens off;
  
  # Let's harden this bad boy Feature Policies
  add_header Feature-Policy "camera 'none';autoplay 'none';microphone 'none';midi 'none';payment 'none';vr 'none';sync-xhr 'none';magnetometer 'none';gyroscope 'none';accelerometer 'none';usb 'none';speaker 'none'"; 
  add_header X-Frame-Options "DENY";
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
  add_header X-Content-Type-Options "nosniff";
  add_header Referrer-Policy "same-origin";
  
  location ~ /sso-keycloak(.*)$ {
    set $url "/#/sso-keycloak?${args}";
    return 301 $url;
  }

  location ~ /auth/sso/freshdesk(.*)$ {
    set $url "/#/auth/sso/freshdesk?${args}";
    return 301 $url;
  }

  location / {
    try_files $uri $uri/ /index.html =404;
    add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;
  }
}