# Bank landing — :9013 (behind Caddy :443 — never put 9013 in redirects) server { listen 9013; listen [::]:9013; server_name bank.hacktivism.ch _; root /var/www/bank-landing; index index.html; # Critical behind reverse_proxy: no :9013 in Location headers absolute_redirect off; port_in_redirect off; location = / { return 302 /intro/; } location = /intro { return 302 /intro/; } # Terms (same dark palette as merchant/exchange terms pages) location = /terms { alias /var/www/bank-landing/terms.html; default_type text/html; add_header Cache-Control "no-store" always; } location = /terms/ { return 302 /terms; } location = /privacy { alias /var/www/bank-landing/privacy.html; default_type text/html; add_header Cache-Control "no-store" always; } location = /privacy/ { return 302 /privacy; } location /intro/ { alias /var/www/bank-landing/; } location = /intro/stats.json { alias /var/www/bank-landing/stats.json; default_type application/json; add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Methods "GET, OPTIONS" always; add_header Cache-Control "no-store" always; } location = /stats.json { alias /var/www/bank-landing/stats.json; default_type application/json; add_header Access-Control-Allow-Origin * always; add_header Cache-Control "no-store" always; } location / { try_files $uri $uri/ =404; } }