feat: nginx conf

nginx/nginx.conf

@@ -2,6 +2,7 @@ server {
     listen 80;
     server_name api.bereal.michaeldemar.co;
 
+    # Redirect all HTTP traffic to HTTPS
     return 301 https://$host$request_uri;
 }
 
@@ -12,31 +13,33 @@ server {
     ssl_certificate /etc/letsencrypt/live/api.bereal.michaeldemar.co/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/api.bereal.michaeldemar.co/privkey.pem;
 
+    # Block specific IP addresses
     location / {
         deny 144.255.17.181;
         deny 171.34.179.120;
         deny 222.94.163.44;
         deny 171.116.44.119;
-    }
 
-    if ($http_referer ~* superlum.com) {
-        return 444;
-    }
+        # Block requests with "superlum.com" referrer
+        if ($http_referer ~* superlum.com) {
+            return 444;
+        }
 
-    if ($http_user_agent = "" || $request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$ ) {
-        return 403;
+        # Main server configuration
+        proxy_pass http://web:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
 
+    # Drop requests to common WordPress paths
     location ~* /(wp-admin|wp-login\.php|wp-includes|wp-content|xmlrpc\.php|wp-json) {
         return 444;
     }
 
-    # web and port are from the service's definition in docker-compose
-    location / {
-        proxy_pass http://web:5000;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+    # Block non-standard HTTP methods
+    if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$ ) {
+        return 403;
     }
 }