error_log stderr;
pid nginx.pid;
daemon off;

http {
  geo $allowlist {
    default 0;
    # CIDR in the list below are using a more lenient limiter
    1.2.3.4/32 1;
  }

  map $allowlist $limit {
    0     $binary_remote_addr;
    1     "";
  }

  map $allowlist $limit_loose {
    1     $binary_remote_addr;
    0     "";
  }

  # limit zones are used in hagrid-routes.conf
  limit_req_zone $limit zone=search_email:10m rate=1r/s;
  limit_req_zone $limit_loose zone=search_email_loose:10m rate=1r/m;
  limit_req_zone $binary_remote_addr zone=search_fpr_keyid:10m rate=5r/s;

  proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;
  proxy_cache_valid 200 5m;

  server {
    listen 0.0.0.0:8090;

    access_log stderr;

    # To debug the rewrite rules, enable these directives:
    # error_log stderr notice;
    # rewrite_log on;

    # include /etc/nginx/mime.types;
    default_type application/octet-stream;

    root dist/public;

    include hagrid-routes.conf;
  }
}

events {
  worker_connections 4096;
}