Remove safetwitch.conf because our instance is no longer maintained

log_format is only allowed in the http context and not in a server block. Otherwise you get the error "log_format" directive is not allowed here

iacore.conf

@@ -1,16 +1,40 @@
+log_format 1a-simple '[$time_local] "$request" $status $bytes_sent "$http_referer"';
+
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
     server_name www.1a-insec.net;
 
-    ssl_certificate /etc/letsencrypt/live/www.1a-insec.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/www.1a-insec.net/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
 
     root /srv/http/iacore;
 
-    access_log /var/log/nginx/www.1a-insec.net.access.log;
+    access_log /var/log/nginx/www.1a-insec.net.access.log 1a-simple;
 
     location / {
         try_files $uri $uri.html $uri/ =404;
     }
 }
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name bean.1a-insec.net;
+
+    ssl_certificate /etc/letsencrypt/live/1a-insec.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/1a-insec.net/privkey.pem;
+
+    location / {
+        proxy_pass http://unix:/srv/http/bean-doze;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Proxy WebSockets
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+    }
+}

nginx.conf

@@ -0,0 +1,22 @@
+# SSL
+ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+add_header Strict-Transport-Security "max-age=63072000" always;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
+
+# Log to system journal
+access_log syslog:server=unix:/dev/log;
+error_log syslog:server=unix:/dev/log;
+
+# Disable symlinks so users can't make nginx follow symlinks to sensitive files
+disable_symlinks if_not_owner;
+
+# Force UTF-8 because why not
+charset utf-8;
+
+# Yay HTTP/2!
+http2 on;

safetwitch.conf

@@ -1,12 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name safetwitch.exozy.me;
-
-    root /srv/http/safetwitch;
-    index index.html;
-
-    location / {
-        try_files $uri $uri/ /index.html;
-    }
-}

x.conf

@@ -31,6 +31,10 @@ server {
     listen [::]:443 ssl;
     server_name reddit.exozy.me;
 
+    if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
+        return 444;
+    }
+
     location / {
         proxy_pass http://localhost:7633;
         proxy_set_header Host $host;