# Nginx site configuration for {{ app_name }}
# Managed by Ansible

server {
    listen {{ nginx_port }};
    listen [::]:{{ nginx_port }};
    
    server_name {{ server_name }} {{ domain_name }};
    
    root {{ app_dir }};
    index index.html index.htm;
    
    # Logging
    access_log {{ access_log }};
    error_log {{ error_log }};
    
    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    
    # Gzip compression
    {% if gzip_enabled %}
    gzip on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript;
    {% endif %}
    
    # Client settings
    client_max_body_size {{ client_max_body_size }};
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    # Health check
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }
    
    # Deny hidden files
    location ~ /\. {
        deny all;
    }
}