upstream graylog {
  server localhost:{{ graylog_port }};
}

geo $local_access {
  default 0;
  192.168.1.0/24 1;
}

server {
  modsecurity on;
  modsecurity_rules_file {{ nginx_path }}/modsec_includes.conf;

  listen 80;
  server_name {{ logs_server_name }};

  location / {
    if ($local_access = 1) {
      access_log off;
    }
    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny all;

    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Upgrade         $http_upgrade;
    proxy_set_header Connection      $connection_upgrade;

    proxy_buffering off;
    proxy_pass http://graylog;
  }
}