# allow 6 requests per min -> one each 10s on avg.
limit_req_zone $binary_remote_addr zone=search_email:10m rate=1r/m;
limit_req_zone $binary_remote_addr zone=search_fpr_keyid:10m rate=5r/s;

proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;
proxy_cache_valid 200 5m;

server {
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/edge.keys.openpgp.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/edge.keys.openpgp.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    rewrite_log on;
    error_log /home/hagrid/error.log notice;

    root /home/hagrid/run/public;
    server_name edge.keys.openpgp.org; # managed by Certbot

    include hagrid-routes.conf;
}

server {
    if ($host = edge.keys.openpgp.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name edge.keys.openpgp.org;
    return 404; # managed by Certbot
}