server {
    listen 80;
    server_name _;
    root /app;
    index index.html;

    client_max_body_size 55M;

    # Serve static files directly
    location / {
        try_files $uri $uri/ /index.html;
    }

    # PHP processing
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

        # 15-minute timeout for Cloud Run PDF processing
        fastcgi_read_timeout 900s;
        fastcgi_send_timeout 900s;
    }

    # Serve page images from results
    location /results/ {
        alias /app/results/;
        expires 1d;
        add_header Cache-Control "public, immutable";
    }

    # Security headers
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Deny access to hidden files
    location ~ /\. {
        deny all;
    }
}