server {
    listen 80;
    root /usr/share/nginx/html;
    index index.html;

    # 보안 헤더
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;

    # index.html은 캐싱 금지 (배포 후 즉시 반영)
    location = /index.html {
        try_files $uri =404;
        add_header Cache-Control "no-store, no-cache, must-revalidate";
    }

    # Vite 해시 에셋 장기 캐싱
    location /assets/ {
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    # SPA fallback (react-router 사용 시 필요)
    location / {
        try_files $uri $uri/ /index.html;
    }

    gzip on;
    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
    gzip_min_length 1024;
}