diff --git a/scripts/http_host/http_host_lib/nginx/cf.bak b/scripts/http_host/http_host_lib/nginx/cf.bak
deleted file mode 100644
index 9042188..0000000
--- a/scripts/http_host/http_host_lib/nginx/cf.bak
+++ /dev/null
@@ -1,36 +0,0 @@
-server {
-    server_name __LOCAL__ __DOMAIN__;
-
-    # ssl: https://ssl-config.mozilla.org / modern config
-    # to be used with the Cloudflare proxied endpoint
-
-    listen 80;
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    http2 on;
-
-    ssl_certificate /data/nginx/certs/ofm_cf.cert;
-    ssl_certificate_key /data/nginx/certs/ofm_cf.key;
-
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
-    ssl_session_tickets off;
-
-    # modern configuration
-    ssl_protocols TLSv1.3;
-    ssl_prefer_server_ciphers off;
-
-    # access log disabled by default
-    #access_log /data/ofm/http_host/logs_nginx/cf-access.jsonl access_json buffer=32k;
-    access_log off;
-
-    error_log /data/ofm/http_host/logs_nginx/cf-error.log;
-
-    __LOCATION_BLOCKS__
-
-    # catch-all block to deny all other requests
-    location / {
-        deny all;
-        error_log /data/ofm/http_host/logs_nginx/__LOCAL__-error.log error;
-    }
-}
diff --git a/scripts/http_host/http_host_lib/nginx/le.conf b/scripts/http_host/http_host_lib/nginx/le.conf
index 54d5cb6..029d6bd 100644
--- a/scripts/http_host/http_host_lib/nginx/le.conf
+++ b/scripts/http_host/http_host_lib/nginx/le.conf
@@ -23,8 +23,8 @@ server {
     ssl_prefer_server_ciphers off;
 
     # access log disabled by default
-    #access_log /data/ofm/http_host/logs_nginx/le-access.jsonl access_json buffer=32k;
-    access_log off;
+    access_log /data/ofm/http_host/logs_nginx/le-access.jsonl access_json buffer=32k;
+    #access_log off;
 
     error_log /data/ofm/http_host/logs_nginx/le-error.log;
 
diff --git a/scripts/http_host/http_host_lib/nginx/ledns.conf b/scripts/http_host/http_host_lib/nginx/ledns.conf
index 0d152cf..905f627 100644
--- a/scripts/http_host/http_host_lib/nginx/ledns.conf
+++ b/scripts/http_host/http_host_lib/nginx/ledns.conf
@@ -23,8 +23,8 @@ server {
     ssl_prefer_server_ciphers off;
 
     # access log disabled by default
-    #access_log /data/ofm/http_host/logs_nginx/ledns-access.jsonl access_json buffer=32k;
-    access_log off;
+    access_log /data/ofm/http_host/logs_nginx/ledns-access.jsonl access_json buffer=32k;
+    #access_log off;
 
     error_log /data/ofm/http_host/logs_nginx/ledns-error.log;
 
diff --git a/ssh_lib/assets/nginx/nginx.conf b/ssh_lib/assets/nginx/nginx.conf
index 5e83c8c..250479f 100644
--- a/ssh_lib/assets/nginx/nginx.conf
+++ b/ssh_lib/assets/nginx/nginx.conf
@@ -43,6 +43,8 @@ http {
     gzip_types application/json;
 
     log_format access_json '{'
+
+    # general
     '"time": "$time_iso8601", '
     '"status": $status, '
     '"request_method": "$request_method", '
@@ -50,16 +52,22 @@ http {
     '"request": "$request", '
     '"request_time": $request_time, '
     '"body_bytes_sent": $body_bytes_sent, '
-    '"remote_addr": "$remote_addr", '
-    '"http_x_forwarded_for": "$http_x_forwarded_for", '
-    '"http_cf_connecting_ip": "$http_cf_connecting_ip", '
     '"http_referrer": "$http_referer", '
     '"http_user_agent": "$http_user_agent", '
     '"scheme": "$scheme", '
     '"host": "$host", '
     '"http_host": "$http_host", '
-    '"http_cf_ray": "$http_cf_ray", '
-    '"http_cf_ipcountry": "$http_cf_ipcountry"'
+
+    # IP address related
+    #'"remote_addr": "$remote_addr", '
+    #'"http_x_forwarded_for": "$http_x_forwarded_for", '
+
+    # CF related
+    #'"http_cf_ray": "$http_cf_ray", '
+    #'"http_cf_ipcountry": "$http_cf_ipcountry", '
+    #'"http_cf_connecting_ip": "$http_cf_connecting_ip", '
+
+    '"_": "_"' # no trailing comma
     '}';
 
     # access log disabled by default
diff --git a/website/src/pages/privacy.md b/website/src/pages/privacy.md
index f8964f6..65ec8b6 100644
--- a/website/src/pages/privacy.md
+++ b/website/src/pages/privacy.md
@@ -15,7 +15,7 @@ This page is a static HTML hosted on GitHub pages.
 
 We do not send newsletters. Please follow us on X or GitHub for updates.
 
-The only data we might collect are server logs. Technically, these are disabled by default and are only enabled temporarily to investigate problems with our service.
+The only data we might collect are server logs. The IP addresses are not included in these logs, but we reserve the right to temporarily enable them to investigate problems or misuse of our services.
 
 ---