deploy_home/ansible/roles/podman/templates/nginx/sites/logs.bdebyl.net.conf.j2

upstream graylog {
  server 127.0.0.1:{{ graylog_port }};
}

geo $local_access {
  default 0;
  192.168.0.0/16 1;
}

server {
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec_includes.conf;

  listen 80;
  server_name {{ logs_server_name }};

  location / {
    if ($local_access = 1) {
      access_log off;
    }
    allow 192.168.0.0/16;
    allow 127.0.0.1;
    deny all;

    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Upgrade         $http_upgrade;
    proxy_set_header Connection      $connection_upgrade;

    proxy_buffering off;
    proxy_pass http://graylog;
  }
}