server {
  listen 80;
  server_tokens off;
  root /var/www/html/public;
  index index.php;
  client_max_body_size 1m;
  add_header X-Content-Type-Options nosniff always;
  add_header Referrer-Policy no-referrer always;
  add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'" always;
  location / { try_files $uri $uri/ /index.php?$query_string; }
  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass app:9000;
    fastcgi_read_timeout 30s;
  }
  location ~ /\. { deny all; }
}
