server {
  listen 8080;
  proxy_hide_header WWW-Authenticate;
  port_in_redirect off;
  server_tokens off;
  root /usr/share/nginx/html;
  # SSL stuff for cloudflare proxy-ing - ignores SSL certificate and uses SNI
    # anyway, this is useless to change, since the outer nginx (the one that handles ingress and the whole stack) doesn't allow anything
  add_header Content-Security-Policy "frame-ancestors 'self'; connect-src 'self' $API_URL $PDFTRON_ALLOWED_HOSTS; default-src 'self' $API_URL; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";

  proxy_ssl_verify off;
  proxy_read_timeout 1m;
  proxy_ssl_server_name on;

  location / {
    return 302 http://$http_host/ui/;
  }

  location /ui/ {
   proxy_hide_header WWW-Authenticate;
   try_files $uri $uri/ /ui/index.html =404;
  }

  client_max_body_size 0;
  gzip_min_length 1000;
  gzip on;
  gzip_http_version 1.0;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_types application/javascript text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

}