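# Reverse-proxy virtual host for a Bitwarden deployment: listens on port 8080
# (IPv4 and IPv6) and routes each path prefix to its backend service.
server {
    # default_server: this block also answers requests whose Host header
    # matches no server_name on this port.
    # NOTE(review): the listener is plain HTTP. Presumably TLS is terminated by
    # something in front of it; confirm, because this vhost carries vault and
    # identity traffic.
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name test.mydom.com;

    # NOTE(review): add_header without the "always" parameter is applied only to
    # 2xx and most 3xx responses, so error responses leave without the headers
    # below. Consider appending "always" once it is confirmed the backends do
    # not already emit the same headers.

    # X-Frame-Options is to prevent click-jacking attacks.
    # NOTE(review): currently disabled. A Content-Security-Policy delivered via
    # <meta> cannot supply frame-ancestors (browsers ignore that directive in a
    # meta tag), so while this line stays commented out nothing in this file
    # restricts framing. Re-enable unless cross-origin framing is required.
    #add_header X-Frame-Options SAMEORIGIN;

    # Disable content-type sniffing on some browsers.
    add_header X-Content-Type-Options nosniff;

    # This header enables the Cross-site scripting (XSS) filter.
    # Legacy control: current Chrome, Edge and Firefox do not implement the
    # filter, so the CSP is the effective XSS mitigation.
    add_header X-XSS-Protection "1; mode=block";

    # This header controls what referrer information is shared.
    add_header Referrer-Policy same-origin;

    # Content-Security-Policy is set via meta tag on the website so it is not
    # included here.

    # NOTE(review): no proxy_set_header directives appear in this block;
    # presumably Host / X-Forwarded-* are set at the http level - confirm.

    location / {
        # NOTE(review): no port here (defaults to 80) while /app-id.json below
        # targets bitwarden-web:5000 - confirm which one is intended.
        proxy_pass http://bitwarden-web/;
    }

    location = /app-id.json {
        proxy_pass http://bitwarden-web:5000/app-id.json;

        # Drop the upstream Content-Type and send $fido_content_type instead;
        # that variable is defined outside this block.
        proxy_hide_header Content-Type;
        add_header Content-Type $fido_content_type;

        # An add_header at this level switches off inheritance of every
        # server-level add_header, so the security headers are repeated here.
        # Keep this list in sync with the server-level one (including
        # X-Frame-Options if it is re-enabled).
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy same-origin;
    }

    # In the four locations below proxy_pass carries a URI part ("/"), so the
    # matched prefix is replaced by "/" before the request reaches the backend.
    location /attachments/ {
        proxy_pass http://bitwarden-attachments:5000/;
    }

    location /api/ {
        proxy_pass http://bitwarden-api:5000/;
    }

    location /identity/ {
        proxy_pass http://bitwarden-identity:5000/;
    }

    location /icons/ {
        proxy_pass http://bitwarden-icons:5000/;
    }

    # proxy_pass has no URI part here, so the request path is forwarded
    # unchanged (the backend sees /admin...).
    # NOTE(review): the admin backend is reachable through the same listener as
    # the public paths and no allow/deny or auth directive is visible here;
    # confirm access is restricted elsewhere.
    location /admin {
        proxy_pass http://bitwarden-admin:5000;
    }
}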