From 9a810fe545abab371e63354addf2294369e58316 Mon Sep 17 00:00:00 2001 From: kbrianngeno Date: Tue, 17 Mar 2026 08:34:36 +0000 Subject: [PATCH 1/5] Add goaccess for log visualization on hugo pages --- docker-compose.yml | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index e7025f0..45fa217 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,5 @@ services: - web: + nginx: container_name: nginx image: nginx:latest ports: @@ -8,6 +8,8 @@ services: volumes: - ./data/nginx.conf:/etc/nginx/nginx.conf:ro - ./data/conf.d:/etc/nginx/conf.d:ro + - ./data/logs:/var/log/nginx + - ./data/public:/usr/share/nginx/html:rw - ./certbot/conf:/etc/letsencrypt - ./certbot/www:/var/www/certbot restart: always @@ -16,6 +18,7 @@ services: - nginx certbot: + container_name: certbot image: certbot/dns-cloudflare:latest restart: unless-stopped volumes: @@ -26,6 +29,27 @@ services: networks: - nginx + goaccess: + container_name: goaccess + image: allinurl/goaccess + user: "0:0" + ports: + - 0.0.0.0:7890:7890 + volumes: + - ./goaccess/goaccess.conf:/srv/config/goaccess.conf + - ./data/logs:/srv/logs:rw + - ./data/public:/srv/report:rw + - ./certbot/conf:/etc/letsencrypt + command: ["--no-global-config", + "--config-file=/srv/config/goaccess.conf", + "--ssl-cert=/etc/letsencrypt/live/novicelab.io/fullchain.pem", + "--ssl-key=/etc/letsencrypt/live/novicelab.io/privkey.pem"] + environment: + - TZ=Africa/Nairobi + restart: unless-stopped + networks: + - nginx + networks: nginx: driver: bridge From b710eaa41bb68e3e77028ef39592e3d90aeae1f6 Mon Sep 17 00:00:00 2001 From: kbrianngeno Date: Tue, 17 Mar 2026 08:36:08 +0000 Subject: [PATCH 2/5] Change log format to VCOMBINED for access logs and debug for error logs --- data/nginx.conf | 79 ++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 54 deletions(-) 
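Review bot: `./data/public:/usr/share/nginx/html:rw` gives the nginx container write access to the web root although nothing in this service writes there (the report is written by goaccess through its own mount), and the sibling `nginx.conf` and `conf.d` mounts in the same hunk are `:ro`; use `- ./data/public:/usr/share/nginx/html:ro` for consistency and least privilege. Bind-mounting `./data/logs` over `/var/log/nginx` presumably also hides the image's stdout/stderr log links, so `docker logs nginx` goes quiet; a one-line comment above that mount saying the files are kept on disk for goaccess would save the next reader a surprise.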
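Review bot: The new goaccess service runs as root (`user: "0:0"`) with the host's Let's Encrypt directory mounted read-write and port 7890 published on every interface, which is more than a log viewer needs. Mount the certificates read-only, `- ./certbot/conf:/etc/letsencrypt:ro`, and pin `allinurl/goaccess` to a release tag rather than the implicit latest. If the dashboard's websocket is reached through the nginx `/ws` location added in patch 3, the `ports:` entry can go entirely, since nginx reaches `goaccess:7890` over the `nginx` network; if it is meant to be reached directly on :7890, bind it to a specific address instead of `0.0.0.0` and quote the mapping as a string. Root is presumably only needed to write `report.html` into `./data/public`; a dedicated UID that owns that directory would avoid it.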
diff --git a/data/nginx.conf b/data/nginx.conf index 622a580..7e5ddca 100644 --- a/data/nginx.conf +++ b/data/nginx.conf @@ -10,7 +10,7 @@ events { } http { - include mime.types; + include /etc/nginx/mime.types; default_type application/octet-stream; keepalive_timeout 65; 
@@ -23,30 +23,31 @@ http { resolver 8.8.8.8 valid=30s ipv6=off; resolver_timeout 11s; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # JSON format — preferred for log aggregators (ELK, Loki, Datadog, etc.) - log_format json_log escape=json - '{' - '"time":"$time_iso8601",' - '"remote_addr":"$remote_addr",' - '"method":"$request_method",' - '"uri":"$request_uri",' - '"status":$status,' - '"bytes_sent":$body_bytes_sent,' - '"request_time":$request_time,' - '"upstream_response_time":"$upstream_response_time",' - '"referer":"$http_referer",' - '"user_agent":"$http_user_agent",' - '"x_forwarded_for":"$http_x_forwarded_for",' - '"host":"$host"' - '}'; + # log_format json_combined escape=json '{' + # '"method":"$request_method",' + # '"scheme":"$scheme",' + # '"domain":"$host",' + # '"uri":"$request_uri",' + # '"query_string":"$query_string",' + # '"referer":"$http_referer",' + # '"content_type":"$sent_http_content_type",' + # '"status": $status,' + # '"bytes_sent":$body_bytes_sent,' + # '"request_time":$request_time,' + # '"user_agent":"$http_user_agent",' + # '"cache":"$upstream_cache_status",' + # '"upstream_time": "$upstream_response_time",' + # '"timestamp":"$time_iso8601",' + # '"ip":"$http_x_forwarded_for"' + # '}'; + log_format VCOMBINED '$host:$server_port ' + '$remote_addr $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; - access_log /var/log/nginx/access.log json_log; - error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log VCOMBINED; + error_log /var/log/nginx/error.log debug; sendfile on; tcp_nopush on; 
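Review bot: `error_log /var/log/nginx/error.log debug;` at http level turns on nginx's debug logging for every vhost, which writes per-request internals including the request header lines into `./data/logs` on the host and grows very quickly; the same `debug` level is then repeated per vhost in patch 5 (adminer, auth, book, cluster, gitea, harbor, hugo, minio, opencloud, plane, umami, vault) and in the new goaccess.conf, so this one directive would have sufficed even if debug were wanted. Unless this is a short troubleshooting session, `error_log /var/log/nginx/error.log warn;` is the usual production level. The commented-out `json_combined` block is dead text that git history already keeps; drop it or replace it with a one-line comment such as `# VCOMBINED mirrors GoAccess's built-in VCOMBINED log-format ($host:$server_port prefix)`. The GoAccess side of this (`goaccess/goaccess.conf`) is referenced by patches 1 and 4 but not part of the series, so whether it selects the matching log-format can't be checked here.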
@@ -93,34 +94,4 @@ http { # Include all server configurations include /etc/nginx/conf.d/*.conf; -} - -# Existing http {} block stays as-is... - -# TCP stream proxy for SMTP ports -# stream { - -# upstream mailserver_smtp { -# server mailserver:25; # docker-mailserver container name -# } - -# upstream mailserver_submission { -# server mailserver:587; -# } - -# # Port 25 — inbound MTA-to-MTA (if you ever receive external mail) -# server { -# listen 25; -# proxy_pass mailserver_smtp; -# proxy_timeout 1m; -# proxy_connect_timeout 10s; -# } - -# # Port 587 — STARTTLS submission (for mail clients or apps) -# server { -# listen 587; -# proxy_pass mailserver_submission; -# proxy_timeout 1m; -# proxy_connect_timeout 10s; -# } -# } \ No newline at end of file +} \ No newline at end of file From ff464ef99f031d2745d3ca85188113f07c2008d8 Mon Sep 17 00:00:00 2001 From: kbrianngeno Date: Tue, 17 Mar 2026 08:39:33 +0000 Subject: [PATCH 3/5] Add goaccess nginx configuration --- data/conf.d/goaccess.conf | 68 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 data/conf.d/goaccess.conf diff --git a/data/conf.d/goaccess.conf b/data/conf.d/goaccess.conf new file mode 100644 index 0000000..e85746a --- /dev/null +++ b/data/conf.d/goaccess.conf 
@@ -0,0 +1,68 @@ +server { + listen 80; + listen [::]:80; + server_name goaccess.novicelab.io; + + # ACME challenge for Let's Encrypt certificate renewal + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$server_name$request_uri; + } +} + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +# Server block for GoAccess dashboard +server { + listen 443 ssl; # http2; + server_name goaccess.novicelab.io; + + # SSL configuration + ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_protocols TLSv1.3; + + # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + # add_header X-Content-Type-Options nosniff; + # add_header X-Frame-Options DENY; + # add_header X-XSS-Protection "1; mode=block"; + + resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s; + resolver_timeout 5s; + + # Logging + access_log /var/log/nginx/goaccess.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/goaccess.novicelab.io_error.log debug; + + set $goaccess_backend goaccess:7890; + + root /usr/share/nginx/html; + index report.html; + + location / { + try_files $uri $uri/ =404; + } + + location /ws { + proxy_pass http://$goaccess_backend; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + #enable ws upgrade + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } +} \ No newline at end of file From 382a3dd4383f5f23d460f3a8aac4a984db9d29cd Mon Sep 17 00:00:00 2001 
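Review bot: The HTTPS server block serves the report (`root /usr/share/nginx/html; index report.html;`) and the `/ws` endpoint with no access control, so live traffic statistics for every vhost — client IPs, URLs, user agents — are readable by anyone who resolves goaccess.novicelab.io; add `auth_basic "GoAccess"; auth_basic_user_file <PATH_TO_HTPASSWD>;` at server level (or an `allow`/`deny` list) before this goes live. The `/ws` location proxies `http://$goaccess_backend`, while patch 1 starts goaccess with `--ssl-cert`/`--ssl-key`, so its websocket listener presumably speaks TLS and a plain-HTTP upstream would fail the handshake — either proxy with `https://` or drop the TLS flags from the container and terminate TLS only here. The `map $http_upgrade $connection_upgrade` block is defined but unused because the location hardcodes `proxy_set_header Connection "Upgrade";`; use `$connection_upgrade` there or remove the map. The security headers are commented out here but set on the other vhosts in this series; at least `Strict-Transport-Security` and `X-Content-Type-Options` should be restored for consistency.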
From: kbrianngeno Date: Tue, 17 Mar 2026 08:41:27 +0000 Subject: [PATCH 4/5] Track goaccess/goaccess.conf and ignore real-time html file (report.html) --- .gitignore | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index a728c97..79df6b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,8 @@ .env /data/ /certbot/ +/goaccess/ +/data/public/ !/data/nginx.conf -!/data/conf.d/** \ No newline at end of file +!/data/conf.d/** +!/goaccess/goaccess.conf \ No newline at end of file From dc320d83d4a922870c15657776554dc80da5b780 Mon Sep 17 00:00:00 2001 From: kbrianngeno Date: Tue, 17 Mar 2026 08:48:06 +0000 Subject: [PATCH 5/5] Change access log format to VCOMBINED and error log format to debug --- data/conf.d/adminer.conf | 4 +- data/conf.d/auth.conf | 4 +- data/conf.d/book.conf | 4 +- data/conf.d/cluster.conf | 4 +- data/conf.d/collabora.conf | 44 ------------------ data/conf.d/couch.conf | 92 -------------------------------------- data/conf.d/gitea.conf | 4 +- data/conf.d/harbor.conf | 4 +- data/conf.d/hugo.conf | 8 ++-- data/conf.d/kenvip.conf | 0 data/conf.d/minio.conf | 8 ++-- data/conf.d/opencloud.conf | 4 +- data/conf.d/plane.conf | 4 +- data/conf.d/s3.conf | 0 data/conf.d/tre.conf | 58 ------------------------ data/conf.d/umami.conf | 4 +- data/conf.d/vault.conf | 4 +- 17 files changed, 28 insertions(+), 222 deletions(-) delete mode 100644 data/conf.d/collabora.conf delete mode 100644 data/conf.d/couch.conf delete mode 100644 data/conf.d/kenvip.conf delete mode 100644 data/conf.d/s3.conf delete mode 100644 data/conf.d/tre.conf diff --git a/data/conf.d/adminer.conf b/data/conf.d/adminer.conf index 33fe17b..d4806c9 100644 --- a/data/conf.d/adminer.conf +++ b/data/conf.d/adminer.conf 
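Review bot: `!/goaccess/goaccess.conf` cannot re-include the file because the directory itself is excluded by `/goaccess/` two lines above — git does not re-include a path whose parent directory is ignored — so the commit's stated aim of tracking goaccess.conf will not take effect on a fresh checkout; use `/goaccess/*` followed by `!/goaccess/goaccess.conf` instead. `/data/public/` is already covered by the existing `/data/` rule and is redundant. The pre-existing `!/data/nginx.conf` and `!/data/conf.d/**` negations have the same parent-directory problem, though those files are evidently already tracked, so it only bites for new files under them.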
@@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/adminer.novicelab.io_access.log; - error_log /var/log/nginx/adminer.novicelab.io_error.log; + access_log /var/log/nginx/adminer.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/adminer.novicelab.io_error.log debug; # Root and index # root /var/www/html; diff --git a/data/conf.d/auth.conf b/data/conf.d/auth.conf index 6c1ea3f..f666b88 100644 --- a/data/conf.d/auth.conf +++ b/data/conf.d/auth.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/auth.novicelab.io_access.log; - error_log /var/log/nginx/auth.novicelab.io_error.log; + access_log /var/log/nginx/auth.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/auth.novicelab.io_error.log debug; # Root and index # root /var/www/html; diff --git a/data/conf.d/book.conf b/data/conf.d/book.conf index 0b4110a..10f80f8 100644 --- a/data/conf.d/book.conf +++ b/data/conf.d/book.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/book.novicelab.io_access.log; - error_log /var/log/nginx/book.novicelab.io_error.log; + access_log /var/log/nginx/book.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/book.novicelab.io_error.log debug; # Root and index # root /var/www/html; diff --git a/data/conf.d/cluster.conf b/data/conf.d/cluster.conf index fa86c9a..d912f82 100644 --- a/data/conf.d/cluster.conf +++ b/data/conf.d/cluster.conf 
@@ -38,8 +38,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/*.novicelab.io_access.log; - error_log /var/log/nginx/*.novicelab.io_error.log; + access_log /var/log/nginx/*.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/*.novicelab.io_error.log debug; location / { proxy_pass http://10.0.0.20:80; # Assuming HAProxy is on port 8080 diff --git a/data/conf.d/collabora.conf b/data/conf.d/collabora.conf deleted file mode 100644 index 5dac65f..0000000 --- a/data/conf.d/collabora.conf +++ /dev/null @@ -1,44 +0,0 @@ -server { - listen 80; - server_name collabora.novicelab.io; - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; # http2; - server_name collabora.novicelab.io; - - ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_session_cache shared:SSL:10m; - - # Security headers - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s; - resolver_timeout 5s; - - # set $opencloud_backend 10.0.0.251:9980; - - - location / { - proxy_pass http://10.0.0.251:9980; - #proxy_pass http://$opencloud_backend/; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - location ~ ^/cool/(.*)/ws$ { - proxy_pass http://10.0.0.251:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } -} \ No newline at end of file 
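Review bot: `access_log /var/log/nginx/*.novicelab.io_access.log VCOMBINED;` keeps a literal `*` in the path; nginx does not expand globs in log names, so this creates a file literally called `*.novicelab.io_access.log`, which is awkward in the shell and in GoAccess's log list. Since VCOMBINED now records `$host:$server_port` on every line, a plain name such as `/var/log/nginx/wildcard.novicelab.io_access.log` (and likewise for the error log) keeps per-host attribution without the special character. The server block continues outside the hunk.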
diff --git a/data/conf.d/couch.conf b/data/conf.d/couch.conf deleted file mode 100644 index 3e40bab..0000000 --- a/data/conf.d/couch.conf +++ /dev/null 
@@ -1,92 +0,0 @@ -server { - listen 80; - server_name couch.novicelab.io; - return 301 https://$host$request_uri; -} - -server { - listen 443 ssl; # http2; - server_name couch.novicelab.io; - - ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_session_cache shared:SSL:10m; - - # Security headers - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s; - resolver_timeout 5s; - - set $couch_backend 10.0.0.251:5984; - - # # Block access to _utils (Fauxton) in production - # location /_utils { - # deny all; - # return 403; - # } - - # # Block _config endpoint externally - # location /_config { - # deny all; - # return 403; - # } - - # # Block _node endpoint externally - # location /_node { - # # deny all; - # # return 403; - # proxy_pass http://$couch_backend/_node; - # proxy_redirect off; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - - # # Timeouts - # proxy_connect_timeout 10s; - # proxy_read_timeout 60s; - # } - - location / { - # Handle CORS preflight without hitting CouchDB auth - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "GET, PUT, POST, HEAD, DELETE, OPTIONS" always; - add_header Access-Control-Allow-Headers "accept, authorization, content-type, origin, referer, x-csrf-token" always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Max-Age 3600; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 204; - 
} - - # Pass all other requests to CouchDB - # proxy_pass http://127.0.0.1:5984; - proxy_pass http://$couch_backend/; - proxy_redirect off; - proxy_buffering off; - proxy_method $request_method; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Forward CORS headers from CouchDB responses too - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Credentials "true" always; - - proxy_connect_timeout 10s; - proxy_read_timeout 60s; - - # Headers for WebSocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} \ No newline at end of file diff --git a/data/conf.d/gitea.conf b/data/conf.d/gitea.conf index 298c795..cf9416a 100644 --- a/data/conf.d/gitea.conf +++ b/data/conf.d/gitea.conf @@ -31,8 +31,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/gitea.novicelab.io_access.log; - error_log /var/log/nginx/gitea.novicelab.io_error.log; + access_log /var/log/nginx/gitea.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/gitea.novicelab.io_error.log debug; set $gitea_backend gitea:3000; diff --git a/data/conf.d/harbor.conf b/data/conf.d/harbor.conf index bf6fecf..f2f2892 100644 --- a/data/conf.d/harbor.conf +++ b/data/conf.d/harbor.conf @@ -31,8 +31,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/harbor.novicelab.io_access.log; - error_log /var/log/nginx/harbor.novicelab.io_error.log; + access_log /var/log/nginx/harbor.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/harbor.novicelab.io_error.log debug; # set $harbor_backend 10.0.0.251:9090; set $harbor_backend nginx-harbor:80; 
diff --git a/data/conf.d/hugo.conf b/data/conf.d/hugo.conf index dbb26ae..8daa3a0 100644 --- a/data/conf.d/hugo.conf +++ b/data/conf.d/hugo.conf @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; - server_name novicelab.io www.novicelab.io; + server_name novicelab.io www.novicelab.io x.y.novicelab.io; # ACME challenge for Let's Encrypt certificate renewal location /.well-known/acme-challenge/ { @@ -17,7 +17,7 @@ server { server { listen 443 ssl; #http2; listen [::]:443 ssl; # http2; - server_name novicelab.io www.novicelab.io; + server_name novicelab.io www.novicelab.io x.y.novicelab.io; # SSL Certificate paths ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem; @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/novicelab.io_access.log; - error_log /var/log/nginx/novicelab.io_error.log; + access_log /var/log/nginx/novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/novicelab.io_error.log debug; # Root and index # root /var/www/html; diff --git a/data/conf.d/kenvip.conf b/data/conf.d/kenvip.conf deleted file mode 100644 index e69de29..0000000 diff --git a/data/conf.d/minio.conf b/data/conf.d/minio.conf index 27e5b9c..86e0832 100644 --- a/data/conf.d/minio.conf +++ b/data/conf.d/minio.conf @@ -41,8 +41,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/minio.novicelab.io_access.log; - error_log /var/log/nginx/minio.novicelab.io_error.log; + access_log /var/log/nginx/minio.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/minio.novicelab.io_error.log debug; # resolver 127.0.0.11 valid=30s; set $minio_backend minio:9001; 
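Review bot: `x.y.novicelab.io` is added to `server_name` in both the port-80 and the TLS block, but the TLS block still presents `/etc/letsencrypt/live/novicelab.io/fullchain.pem`; whether that certificate has a SAN for this name can't be seen here, and a `*.novicelab.io` wildcard would not match a two-label subdomain, so clients would get a name-mismatch error unless the certificate request is extended. If the name is a placeholder from testing it should not ship in the vhost; otherwise a comment stating which certificate entry covers it, `# covered by SAN in live/novicelab.io — confirm`, would document the dependency. Both server blocks continue outside their hunks.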
@@ -107,8 +107,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/s3.novicelab.io_access.log; - error_log /var/log/nginx/s3.novicelab.io_error.log; + access_log /var/log/nginx/s3.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/s3.novicelab.io_error.log debug; # resolver 127.0.0.11 valid=30s; set $s3_backend minio:9000; diff --git a/data/conf.d/opencloud.conf b/data/conf.d/opencloud.conf index f95ed0a..bdec5e9 100644 --- a/data/conf.d/opencloud.conf +++ b/data/conf.d/opencloud.conf @@ -15,8 +15,8 @@ server { ssl_session_cache shared:SSL:10m; # Logging - access_log /var/log/nginx/opencloud.novicelab.io_access.log; - error_log /var/log/nginx/opencloud.novicelab.io_error.log; + access_log /var/log/nginx/opencloud.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/opencloud.novicelab.io_error.log debug; # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; diff --git a/data/conf.d/plane.conf b/data/conf.d/plane.conf index 074feac..0b4e275 100644 --- a/data/conf.d/plane.conf +++ b/data/conf.d/plane.conf @@ -40,8 +40,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/plane.novicelab.io_access.log; - error_log /var/log/nginx/plane.novicelab.io_error.log; + access_log /var/log/nginx/plane.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/plane.novicelab.io_error.log debug; # resolver 127.0.0.11 valid=30s; # set $plane_backend 10.0.0.251:9020; diff --git a/data/conf.d/s3.conf b/data/conf.d/s3.conf deleted file mode 100644 index e69de29..0000000 diff --git a/data/conf.d/tre.conf b/data/conf.d/tre.conf deleted file mode 100644 index 9d41ee3..0000000 --- a/data/conf.d/tre.conf +++ /dev/null 
@@ -1,58 +0,0 @@ -server { - # listen 80; - # server_name *.novicelab.io; - # resolver 127.0.0.11 valid=30s; - # set $haproxy_backend haproxy:80; - listen 443 ssl; #http2; - listen [::]:443 ssl; # http2; - server_name tre.novicelab.io; - - # SSL Certificate paths - ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem; - - # SSL Protocol - TLS 1.2 and 1.3 only - ssl_protocols TLSv1.2 TLSv1.3; - - # Cipher suites (prioritize TLS 1.3, secure TLS 1.2 fallback) - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; - ssl_prefer_server_ciphers off; - - # SSL session configuration - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:10m; - ssl_session_tickets off; - - resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s; - resolver_timeout 5s; - - # Security Headers - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; - - # Logging - access_log /var/log/nginx/tre.novicelab.io_access.log; - error_log /var/log/nginx/tre.novicelab.io_error.log; - - location /data-catalog { - proxy_pass https://10.0.0.251:8888; # Assuming HAProxy is on port 8080 - # proxy_pass http://haproxy_backend; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Performance 
optimizations - proxy_buffering off; - proxy_request_buffering off; - proxy_connect_timeout 5s; - proxy_send_timeout 30s; - proxy_read_timeout 30s; - } -} \ No newline at end of file diff --git a/data/conf.d/umami.conf b/data/conf.d/umami.conf index 73fb9dd..1a284c9 100644 --- a/data/conf.d/umami.conf +++ b/data/conf.d/umami.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/umami.novicelab.io_access.log; - error_log /var/log/nginx/umami.novicelab.io_error.log; + access_log /var/log/nginx/umami.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/umami.novicelab.io_error.log debug; # Root and index # root /var/www/html; diff --git a/data/conf.d/vault.conf b/data/conf.d/vault.conf index eb70608..caedbc2 100644 --- a/data/conf.d/vault.conf +++ b/data/conf.d/vault.conf @@ -31,8 +31,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/vault.novicelab.io_access.log; - error_log /var/log/nginx/vault.novicelab.io_error.log; + access_log /var/log/nginx/vault.novicelab.io_access.log VCOMBINED; + error_log /var/log/nginx/vault.novicelab.io_error.log debug; set $vault_backend vaultwarden:443; location / {