user nginx;
worker_processes 1;

load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;

error_log /var/log/nginx/error.log notice;
error_log syslog:server=localhost:{{ syslog_udp_error }},tag=nginx,severity=info notice;

events {
  worker_connections 1024;
}

http {
  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  include mime.types;

  default_type application/octet-stream;

  log_format main '$remote_addr - $connection : $connection_requests [$time_iso8601] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  log_format graylog_json escape=json '{ "nginx_timestamp": "[$time_iso8601]", '
    '"remote_addr": "$remote_addr", '
      '"connection": "$connection", '
      '"connection_requests": $connection_requests, '
      '"body_bytes_sent": $body_bytes_sent, '
      '"request_length": $request_length, '
      '"request_time": $request_time, '
      '"response_status": $status, '
      '"request": "$request", '
      '"request_method": "$request_method", '
      '"host": "$host", '
      '"upstream_cache_status": "$upstream_cache_status", '
      '"upstream_addr": "$upstream_addr", '
      '"http_x_forwarded_for": "$http_x_forwarded_for", '
      '"http_referrer": "$http_referer", '
      '"http_user_agent": "$http_user_agent", '
      '"http_version": "$server_protocol", '
      '"remote_user": "$remote_user", '
      '"http_x_forwarded_proto": "$http_x_forwarded_proto", '
      '"upstream_response_time": "$upstream_response_time", '
      '"nginx_access": true }';

  access_log /var/log/nginx/access.log main;
  access_log syslog:server=localhost:{{ syslog_udp_default }},tag=nginx,severity=info graylog_json;

  sendfile        on;
  server_tokens   off;
  #tcp_nopush     on;

  keepalive_timeout 65;

  gzip on;
  gzip_disable "mise6";
  gzip_min_length 1000;
  gzip_proxied    expired no-cache no-store private auth;
  gzip_types      text/plain application/xml application/json application/javascript application/octet-stream text/css;

  # client_body_buffer_size     1k;
  # client_header_buffer_size   1k;
  # client_max_body_size        2k;
  # large_client_header_buffers 2 1k;

  limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

  include /etc/nginx/sites-enabled/*.conf;
}