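# Edge server block for the Django application: user media is served straight
# from disk, everything else is proxied to the `django` upstream. Only plain
# HTTP (port 80) is listened on and no ssl_* directives appear, so TLS is
# presumably terminated by something in front of nginx — TODO confirm; a few
# of the headers below only take effect over HTTPS.
server {
    server_name localhost:8000;
    client_max_body_size 10M;

    # Response compression, scoped to text-like types. Compressing dynamic
    # responses that mix per-session secrets (CSRF/session tokens) with
    # attacker-influenced content is a known compression side-channel; keep
    # the type list tight if the proxied pages carry such tokens.
    gzip on;
    gzip_types application/javascript application/x-javascript application/json application/rss+xml application/xml application/vnd.ms-fontobject application/font-sfnt image/svg+xml image/x-icon text/xml text/javascript text/css text/plain;
    gzip_min_length 256;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_vary on;

    # Uploaded media served directly. Both the location prefix and the alias
    # end in "/", which is the form that avoids the classic off-by-slash
    # traversal (`location /media` paired with `alias /app/media/`).
    location /media/ {
        alias /app/media/;
        expires 30d;
    }

    # Everything else goes to the application server.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $remote_addr (rather than $proxy_add_x_forwarded_for) overwrites any
        # client-supplied X-Forwarded-For, so the app only ever sees the peer
        # nginx accepted the connection from. If another proxy sits in front
        # of nginx the real client IP is lost here — TODO confirm topology.
        proxy_set_header X-Forwarded-For $remote_addr;
        # NOTE(review): no X-Forwarded-Proto is forwarded; if TLS is terminated
        # upstream, the application cannot tell the request was HTTPS.
        proxy_pass http://django:8000;
        proxy_redirect off;
    }

    # Security headers. nginx inherits `add_header` into a location only when
    # that location declares no add_header of its own; neither location above
    # does, so this list applies to every response. Adding a single add_header
    # inside a location would silently drop all of these for that location.
    add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src 'self' https:; script-src 'self' https://gc.gabnotes.org; connect-src https://gc.gabnotes.org; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self';" always;
    add_header X-Frame-Options "DENY" always;
    # The legacy browser XSS auditor is explicitly disabled rather than enabled
    # ("1; mode=block"): current browsers have removed it, and where it is still
    # honoured the filter itself has been shown to leak cross-site information.
    # OWASP's current guidance is "0"; the CSP above is the actual XSS control.
    add_header X-XSS-Protection "0" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # HSTS is only honoured when received over HTTPS, so on this plain-HTTP
    # listener it is inert unless a TLS-terminating proxy relays it. The
    # two-year max-age plus `preload` is hard to undo: every subdomain must be
    # HTTPS-capable before the domain is submitted to the preload list.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    listen [::]:80;
    listen 80;
}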