server {

  listen 443 ssl;
  server_name arti24.eu;
  
  server_tokens off; 

  ssl_certificate      /letsencrypt/live/arti24.eu/fullchain.pem;
  ssl_certificate_key  /letsencrypt/live/arti24.eu/privkey.pem;
   
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers         HIGH:!aNULL:!MD5;
 
 # --- BLOCK COMMON SCANNERS / BOT ATTACKS ---
    location ~* ^/(wp-admin|wp-content|wp-includes|xmlrpc\.php|phpmyadmin|vendor|setup|config|\.env|\.git|\.gitignore|\.htaccess|\.DS_Store|shell\.php|test\.php|admin\.php|login\.php) {
        return 404;
    }
    
    location ~* \.php$ {
        return 404;
    }

# --- GŁÓWNY PROXY / Node.js ---
location / {
 
  location / {
  
         # Ograniczenie liczby żądań
        limit_req zone=ip_limit burst=20 nodelay;
        
        proxy_pass http://arti24-container:3002;
        
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-Host    $host;
        proxy_set_header    X-Forwarded-Port    $server_port;
  }
     
}