server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name taxhacker.app;

    charset utf-8;
    client_max_body_size 256M;

    set_real_ip_from  172.17.0.0/16;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    ssl_certificate /home/vas3k/certs/pubkey.pem;
    ssl_certificate_key /home/vas3k/certs/privkey.pem;

    location / {
        add_header "Access-Control-Allow-Origin" "*";
        add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
        add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
        add_header "Access-Control-Expose-Headers" "Content-Length,Content-Range";
        add_header "Strict-Transport-Security" "max-age=31536000;includeSubDomains";
        add_header "X-Content-Type-Options" "nosniff";
        add_header "Referrer-Policy" "strict-origin-when-cross-origin";
        add_header "Permissions-Policy" "accelerometer=(),camera=(),geolocation=(self 'https://taxhacker.app'),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()";

        proxy_set_header "Host" $http_host;
        proxy_set_header "X-Forwarded-Host" $host;
        proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
        proxy_set_header "X-Forwarded-Proto" $scheme;
        proxy_redirect off;
        proxy_buffering off;

        proxy_pass http://127.0.0.1:7331;
    }
}