Improve rate limits and add caching for shared-IP environments

Partners like bioRxiv/medRxiv make multiple unauthenticated search API
calls per page load (2 groups x paginated at limit=50). In shared-IP
environments (conferences, universities), all users share one rate
limit bucket, causing 429s.

Changes:
- Bump general API rate limit from 4r/s burst=44 to 10r/s burst=200
- Bump badge rate limit from 1r/s burst=15 to 10r/s burst=100
- Add Cache-Control: public, max-age=60 on unauthenticated search
  responses and all badge responses (identical queries from shared-IP
  users now served from CloudFlare/browser cache)
- Enable nginx JSON access logging for rate limit visibility
- Increase rate limit zone memory from 1m to 2m (~16k users)

Ref: product-backlog#1716

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: santicomp2014

conf/nginx.conf

@@ -20,7 +20,20 @@ http {
   include mime.types;
   default_type application/octet-stream;
 
-  access_log off;
+  log_format json_combined escape=json
+    '{'
+      '"time_local":"$time_local",'
+      '"remote_addr":"$remote_addr",'
+      '"cf_connecting_ip":"$http_cf_connecting_ip",'
+      '"request_method":"$request_method",'
+      '"request_uri":"$request_uri",'
+      '"status":$status,'
+      '"body_bytes_sent":$body_bytes_sent,'
+      '"request_time":$request_time,'
+      '"http_user_agent":"$http_user_agent"'
+    '}';
+
+  access_log /dev/stdout json_combined;
 
   # If there is an auth token, rate limit based on that,
   # else if there is a cloudflare ip header rate limit based on that,
@@ -31,11 +44,11 @@ http {
     default $http_authorization;
   }
 
-  # 1m stands for 1 megabyte so the zone can store ~8k users.
-  limit_req_zone $limit_per_user zone=badge_user_limit:1m rate=1r/s;
-  limit_req_zone $limit_per_user zone=assets_user_limit:1m rate=20r/s;
-  limit_req_zone $limit_per_user zone=create_ann_user_limit:1m rate=4r/s;
-  limit_req_zone $limit_per_user zone=user_limit:1m rate=4r/s;
+  # 2m stands for 2 megabytes so the zone can store ~16k users.
+  limit_req_zone $limit_per_user zone=badge_user_limit:2m rate=10r/s;
+  limit_req_zone $limit_per_user zone=assets_user_limit:2m rate=20r/s;
+  limit_req_zone $limit_per_user zone=create_ann_user_limit:2m rate=4r/s;
+  limit_req_zone $limit_per_user zone=user_limit:2m rate=10r/s;
   limit_req_status 429;
 
   # We set fail_timeout=0 so that the upstream isn't marked as down if a single
@@ -96,7 +109,7 @@ http {
       # load from any single user, and take advantage of latency
       # not being critical.
       location /api/badge {
-        limit_req zone=badge_user_limit burst=15;
+        limit_req zone=badge_user_limit burst=100 nodelay;
         error_page 429 @api_error_429;
 
         proxy_pass http://web;
@@ -120,15 +133,15 @@ http {
       }
 
       location /api {
-        limit_req zone=user_limit burst=44 nodelay;
+        limit_req zone=user_limit burst=200 nodelay;
         error_page 429 @api_error_429;
 
         proxy_pass http://web;
       }
 
       # An overall rate limit was chosen to allow reasonable usage while
       # preventing a single user from causing service disruption.
-      limit_req zone=user_limit burst=44 nodelay;
+      limit_req zone=user_limit burst=200 nodelay;
     }
   }