From 45be5744a7430479f6491c2dcf7e24267578cadd Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Mon, 16 Feb 2026 21:53:40 +0000
Subject: [PATCH] nominatim: add custom nginx log format

---
 cookbooks/nominatim/templates/default/nginx.erb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index ffa0c575e..df1ab6b6e 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -130,11 +130,16 @@ set_real_ip_from <%= address %>;
 real_ip_header Fastly-Client-IP;
 real_ip_recursive off;
 
+# Custom log format to include JA4 TLS fingerprint and other details for better blocking and analysis
+log_format nominatim_log  '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for" "$http_x_tls_ja4" "$http_x_ja4h"';
+
 server {
     listen 80 default_server;
     listen [::]:80 default_server;
 
-    access_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined;
+    access_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log nominatim_log;
     error_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-error.log;
 
     location /nginx_status {
@@ -167,7 +172,7 @@ server {
 
     keepalive_requests 2;
 
-    access_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined;
+    access_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log nominatim_log;
     error_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-error.log;
 
     location /nginx_status {
-- 
2.39.5