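# Caddyfile: static SPA on auth.campfiregg.ru, plus a default PHP site for any other host.

auth.campfiregg.ru {
	root * /data/www-auth
	encode gzip
	# SPA fallback: paths that do not exist on disk are served index.html
	try_files {path} /index.html
	file_server

	# Security headers
	header {
		# HSTS. `preload` only takes effect through a submission of the registrable domain; harmless here.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		# Only same-origin framing
		X-Frame-Options "SAMEORIGIN"
		# Legacy header, ignored by current browsers; CSP is the effective control.
		# NOTE(review): current guidance is to send "0" (the old auditor introduced its own issues) — confirm before changing.
		X-XSS-Protection "1; mode=block"
		# Disable MIME sniffing
		X-Content-Type-Options "nosniff"
		# CSP. NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src largely negate the XSS
		# protection CSP would give; moving to nonces/hashes needs application changes, so it is only flagged here.
		Content-Security-Policy "default-src 'self' https://api.campfiregg.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.campfiregg.ru"
	}

	# CORS. Access-Control-Allow-Origin accepts a single origin (or "*"); a space-separated
	# list is rejected by browsers, so the allow-list is enforced by matching the request's
	# Origin and echoing it back only on a match. Non-matching origins get no CORS headers.
	@cors_origin header_regexp Origin ^https://(mneie|staff|game)\.campfiregg\.ru$
	@cors_preflight {
		method OPTIONS
		header_regexp Origin ^https://(mneie|staff|game)\.campfiregg\.ru$
	}

	handle @cors_preflight {
		header {
			Access-Control-Allow-Origin {http.request.header.Origin}
			Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
			Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
			Access-Control-Max-Age "3600"
			# The response depends on Origin, so shared caches must key on it
			+Vary Origin
		}
		respond 204
	}

	handle {
		header @cors_origin {
			Access-Control-Allow-Origin {http.request.header.Origin}
			Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
			Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
			+Vary Origin
		}
	}
}

# Default site for any other host (one block, both listeners share the same handlers).
# NOTE(review): a catch-all :443 has no hostname for automatic certificates — confirm how TLS is provisioned.
:80, :443 {
	root * /data/www
	try_files {path} /index.html
	# NOTE(review): `browse` lists directory contents for any path without an index file — confirm this is intended on a catch-all site.
	file_server browse
	php_fastcgi unix//run/php/php-fpm.sock
}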