diff --git a/iacore.conf b/iacore.conf
index 3559fa0..69b9c3f 100644
--- a/iacore.conf
+++ b/iacore.conf
@@ -1,3 +1,5 @@
+log_format 1a-simple '[$time_local] "$request" $status $bytes_sent "$http_referer"';
+
 server {
 listen 443 ssl;
 listen [::]:443 ssl;
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..9ecf613
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,22 @@
+# SSL
+ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
+
+# Log to system journal
+access_log syslog:server=unix:/dev/log;
+error_log syslog:server=unix:/dev/log;
+
+# Disable symlinks so users can't make nginx follow symlinks to sensitive files
+disable_symlinks if_not_owner;
+
+# Force UTF-8 because why not
+charset utf-8;
+
+# Yay HTTP/2!
+http2 on;
diff --git a/x.conf b/x.conf
index 152d393..5cd3c72 100644
--- a/x.conf
+++ b/x.conf
@@ -31,6 +31,10 @@ server {
 listen [::]:443 ssl;
 server_name reddit.exozy.me;
 
+ if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
+ return 444;
+ }
+
 location / {
 proxy_pass http://localhost:7633;
 proxy_set_header Host $host;
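Review bot: The `1a-simple` format on the added `log_format` line records neither `$remote_addr` nor `$http_user_agent`, so entries written with it cannot be tied to a client during abuse triage or incident response. If that omission is a deliberate privacy choice, say so in a comment above the directive, e.g. `# 1a-simple: client address and user agent intentionally not logged`; otherwise put `$remote_addr` at the front of the format string. The `access_log` line that selects this format is not in the hunk, so which server blocks it applies to cannot be seen here.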
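Review bot: The `add_header Strict-Transport-Security "max-age=63072000" always;` line is inherited only by `server` and `location` blocks that declare no `add_header` of their own; once a lower level sets any header, nginx drops every header from the enclosing level. The vhost files are not fully visible here, so each block that sets its own headers should be checked and the HSTS line repeated there, or moved into a small snippet those blocks include. Separately, the comment above `disable_symlinks if_not_owner;` overstates the directive: links are still followed when link and target have the same owner, so `# Refuse symlinks whose target is owned by a different user than the link` would be more accurate.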
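Review bot: The added `if` compares `$http_user_agent` with `=` against one exact string, so a Bytespider request whose User-Agent differs by a single character (another Android or WebKit version, for instance) is not matched and still reaches the proxy. A case-insensitive substring match is less brittle: `if ($http_user_agent ~* "bytespider") { return 444; }`. The header is client-supplied, so this filters crawlers that identify themselves and is not an access control; a `limit_req` zone is the control that still holds when the header changes. The enclosing `server` block starts and ends outside the hunk, and the rule covers only `reddit.exozy.me`.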