server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name element.{{ domain }};

    location / {
        proxy_pass http://127.0.0.1:{{ ports['element'] }};

        include /etc/nginx/snippets/ssl-headers.conf;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "frame-ancestors 'none'";
    }
}