pid /run/nginx.pid; user www-data; worker_processes auto; load_module modules/ngx_http_geoip2_module.so; events { worker_connections 32768; multi_accept on; } http { log_format tiny escape=json '{"t":"$time_iso8601","p":"$ssl_protocol","r":"$remote_addr","c":"$geo_country","P":"$geo_postal","A":"$geo_aso","a":"$http_user_agent","R":"$http_referer","h":"$host","q":"$request","s":$status}'; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 5; types_hash_max_size 2048; server_tokens off; include /etc/nginx/mime.types; default_type application/octet-stream; ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"; access_log /var/log/nginx/access.log tiny buffer=1m; error_log /var/log/nginx/error.log; geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { auto_reload 5m; $geo_continent continent code; $geo_cc country iso_code; $geo_country country names en; $geo_city city names en; $geo_postal postal code; $geo_latitude location latitude; $geo_longitude location longitude; $geo_tz location time_zone; } geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb { auto_reload 5m; $geo_asn autonomous_system_number; $geo_aso autonomous_system_organization; } server { listen [::]:80 reuseport backlog=32768; listen 80 reuseport backlog=32768; server_name .ident.me; #access_log off; expires off; add_header Access-Control-Allow-Origin "*"; add_header Cache-Control "no-cache, no-store, must-revalidate"; location / { default_type text/plain; return 200 $remote_addr; } location /n { proxy_pass http://127.0.0.1:8080; } location /json { default_type application/json; charset utf-8; return 200 '{"ip":"$remote_addr","aso":"$geo_aso","asn":"$geo_asn","continent":"$geo_continent","cc":"$geo_cc","country":"$geo_country","city":"$geo_city","postal":"$geo_postal","latitude":"$geo_latitude","longitude":"$geo_longitude","tz":"$geo_tz"}'; } location /.json { default_type application/json; return 200 '{"address":"$remote_addr"}'; } location /.xml { default_type application/xml; return 200 '
$remote_addr
'; } location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/lib/letsencrypt; } location /statusz { stub_status; } } server { listen [::]:443 ssl reuseport http2 backlog=32768; listen 443 ssl reuseport http2 backlog=32768; server_name .ident.me; ssl_certificate /etc/letsencrypt/live/ident.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ident.me/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/ident.me/chain.pem; expires off; add_header Access-Control-Allow-Origin "*"; add_header Cache-Control "no-cache, no-store, must-revalidate"; location / { default_type text/plain; return 200 $remote_addr; } location /n { proxy_pass http://127.0.0.1:8080; } location /json { default_type application/json; charset utf-8; return 200 '{"ip":"$remote_addr","aso":"$geo_aso","asn":"$geo_asn","continent":"$geo_continent","cc":"$geo_cc","country":"$geo_country","city":"$geo_city","postal":"$geo_postal","latitude":"$geo_latitude","longitude":"$geo_longitude","tz":"$geo_tz"}'; } location /.json { default_type application/json; return 200 '{"address":"$remote_addr"}'; } location /.xml { default_type application/xml; return 200 '
$remote_addr
'; } location /statusz { stub_status; } } server { listen [::]:80; listen 80; server_name api.ident.me ipa.ident.me; return 301 https://$host$request_uri; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/lib/letsencrypt; } } server { listen [::]:443 ssl; listen 443 ssl; server_name api.ident.me ipa.ident.me; ssl_certificate /etc/letsencrypt/live/ident.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ident.me/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/ident.me/chain.pem; location / { root /api; access_log /var/log/nginx/api.log tiny; charset utf-8; } } server { listen [::]:443 ssl; listen 443 ssl; server_name www.ident.me; ssl_certificate /etc/letsencrypt/live/ident.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ident.me/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/ident.me/chain.pem; location / { root /www; access_log /var/log/nginx/www.log tiny; charset utf-8; } } server { listen [::]:80; listen 80; server_name www.ident.me; return 301 https://$host$request_uri; } }