{
	#debug
	order replace after encode
}

(log) {
	log {
		output file /log/{args[0]}/access.log {
			roll_size 100MiB
			roll_local_time
			roll_keep 10
			roll_keep_for 2160h
		}
	}
}

(common) {
	header Host {host}
	header X-Real-IP {remote_host}
	header X-Forwarded-For {remote_host}
	header X-Forwarded-Proto {scheme}

	request_body {
		max_size 10MB
	}
}

(ratelimit) {
	rate_limit {
		zone dynamic_zone {
			key {client_ip}
			events 50
			window 1s
		}
		log_key
	}
}

(geoblock) {
	@non_china_block {
		not {
			maxmind_geolocation {
				db_path "/geodb/GeoLite2-Country.mmdb"
				allow_countries CN
			}
		}
	}

	respond @non_china_block "You are blocked" 403
}

:443 {
	tls internal
	respond 404
}

import /conf/*