Add compose related nonsense and nginx configuration

nginx/default.conf

@@ -0,0 +1,33 @@
+server {
+    listen       80;
+    listen  [::]:80;
+    server_name  localhost;
+
+    add_header X-Robots-Tag "noai, noimageai" always;
+
+    # ── robots.txt — exempt from bot blocking ──────────────────────────
+    location = /robots.txt {
+        try_files $uri =404;
+        access_log off;
+        log_not_found off;
+    }
+
+    # ── Block known AI bots ────────────────────────────────────────────
+    # "if" is safe here — we're only returning a status, not using
+    # proxy_pass, rewrite, or other directives that interact poorly with if
+    location / {
+        if ($bad_bot) {
+            return 403 "Forbidden";
+        }
+
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

nginx/rates.conf

@@ -0,0 +1,8 @@
+# General request limit per IP
+limit_req_zone $binary_remote_addr zone=general:10m rate=30r/s;
+
+# Static asset scraping control
+limit_req_zone $binary_remote_addr zone=static:10m rate=10r/s;
+
+# API abuse protection
+limit_req_zone $binary_remote_addr zone=api:10m rate=5r/s;