events {}

http {
    server {
        listen 8080; # Listen on a separate port for health checks

        location /healthz {
            # Just return a 200 OK for any request to /healthz
            return 200 'healthy\n';
            add_header Content-Type text/plain;
        }
    }
}

stream {
    # TCP proxy configuration
    server {
        listen ${BACKEND_TCP_PORT};
        allow ${ALLOWED_IPS}; # Apply IP restrictions based on the ALLOWED_IPS variable
        deny all;
        proxy_pass ${BACKEND_HOST}:${BACKEND_TCP_PORT};
    }

    # UDP proxy configuration
    server {
        listen ${BACKEND_UDP_PORT} udp;
        allow ${ALLOWED_IPS}; # Apply IP restrictions
        deny all;
        proxy_pass ${BACKEND_HOST}:${BACKEND_UDP_PORT};
    }
}