server {
  listen 8080;
  server_name _;

  root /usr/share/nginx/html;
  index index.html;

  add_header X-Content-Type-Options nosniff always;
  add_header X-Frame-Options DENY always;
  add_header Referrer-Policy strict-origin-when-cross-origin always;

  # Static assets: cache aggressively
  location ~* \.(?:css|js|mjs|map|png|jpg|jpeg|gif|svg|ico|webp|woff2|woff|ttf)$ {
    expires 30d;
    add_header Cache-Control "public, max-age=2592000, immutable";
    try_files $uri =404;
  }

  # HTML: no cache
  location ~* \.html$ {
    add_header Cache-Control "no-cache";
    try_files $uri =404;
  }

  # Next.js static export: try file, then file.html, then 404
  location / {
    try_files $uri $uri.html $uri/ /404.html;
  }
}