user http;
worker_processes  1;

load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;

error_log  /var/log/nginx/error.log info;

events {
  worker_connections  1024;
}

http {
  include mime.types;

  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  sendfile        on;
  server_tokens   off;
  #tcp_nopush     on;

  keepalive_timeout 65;

  gzip on;
  gzip_disable "mise6";

  # client_body_buffer_size     1k;
  # client_header_buffer_size   1k;
  # client_max_body_size        2k;
  # large_client_header_buffers 2 1k;

  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none'";

  limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

  include /etc/nginx/sites-enabled/*.conf;
}