server {
    listen 80;
    listen 443 ssl http2;
    client_max_body_size 4g;
    
    server_tokens off;
    server_name 127.0.0.1;

    proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer";

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }

    location /heartbeat {
        default_type text/plain;
        return 200 "Heartbeat";
    }
}