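# Expires map: pick the cache lifetime from the response Content-Type.
# HTML is cached for 7 days; CSS, JavaScript and images get the maximum
# lifetime; every other type falls through to "off", i.e. nginx adds no
# Expires/Cache-Control headers for it.
map $sent_http_content_type $expires {
    default                 off;
    text/html               7d;
    text/css                max;
    application/javascript  max;
    ~image/                 max;
}

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # https://gtmetrix.com/specify-a-character-set-early.html
    # https://www.cyberciti.biz/faq/nginx-set-http-content-type-response-header-to-charset-utf8/
    charset UTF-8;

    add_header X-UA-Compatible "IE=Edge,chrome=1";

    # Security response headers.
    #
    # "always" is set on each of them: without it nginx attaches add_header
    # fields only to a fixed set of 2xx/3xx responses, so 4xx/5xx pages would
    # be served without these protections.
    #
    # Inheritance caveat: a location inherits these add_header lines only while
    # it declares no add_header of its own. Adding a single add_header inside a
    # location silently drops every header below for that location; repeat them
    # there (or move them to an included snippet) if that is ever needed.

    # https://www.justegeek.fr/proteger-un-peu-plus-son-site-avec-la-balise-x-content-type-options/
    add_header X-Content-Type-Options "nosniff" always;

    # Legacy header: current browsers no longer ship the XSS filter it
    # controls, so the Content-Security-Policy below is the effective control.
    add_header X-XSS-Protection "1; mode=block" always;

    add_header X-Frame-Options DENY always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # https://scotthelme.co.uk/content-security-policy-an-introduction/
    # This policy restricts script sources only. With no default-src, every
    # other resource type (styles, images, frames, plugins, ...) remains
    # unrestricted by CSP.
    add_header Content-Security-Policy "script-src 'self'" always;

    # https://scotthelme.co.uk/a-new-security-header-feature-policy/
    #add_header Feature-Policy "vibrate none";

    # https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
    # NOTE(review): this server block listens on plain HTTP (port 80) only, and
    # browsers ignore Strict-Transport-Security received over an insecure
    # connection. The header takes effect only if TLS is terminated in front of
    # this server; confirm that is the case. includeSubDomains also commits
    # every subdomain of the served host to HTTPS for the full max-age.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Caching: lifetime comes from the $expires map above (HTML 7 days; CSS,
    # JavaScript and images as long as possible; no caching headers otherwise).
    # The map contains no front-page exception: the front page is text/html and
    # is therefore cached for 7 days like any other HTML page.
    expires $expires;

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}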